From 51ba23f05a7afbbd64f823f24eef076ca511e1a7 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 00:56:44 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2001/0xxx/CVE-2001-0031.json | 130 ++++----
2001/0xxx/CVE-2001-0075.json | 130 ++++----
2001/0xxx/CVE-2001-0111.json | 150 ++++-----
2001/0xxx/CVE-2001-0300.json | 140 ++++-----
2001/0xxx/CVE-2001-0364.json | 140 ++++-----
2001/0xxx/CVE-2001-0483.json | 140 ++++-----
2001/0xxx/CVE-2001-0607.json | 130 ++++----
2001/0xxx/CVE-2001-0643.json | 180 +++++------
2006/2xxx/CVE-2006-2330.json | 190 ++++++------
2006/2xxx/CVE-2006-2989.json | 160 +++++-----
2008/1xxx/CVE-2008-1116.json | 160 +++++-----
2008/1xxx/CVE-2008-1327.json | 150 ++++-----
2008/5xxx/CVE-2008-5204.json | 140 ++++-----
2008/5xxx/CVE-2008-5413.json | 160 +++++-----
2008/5xxx/CVE-2008-5426.json | 150 ++++-----
2008/5xxx/CVE-2008-5515.json | 540 ++++++++++++++++-----------------
2008/5xxx/CVE-2008-5661.json | 160 +++++-----
2008/5xxx/CVE-2008-5726.json | 160 +++++-----
2011/2xxx/CVE-2011-2076.json | 130 ++++----
2011/2xxx/CVE-2011-2226.json | 150 ++++-----
2011/2xxx/CVE-2011-2252.json | 130 ++++----
2011/2xxx/CVE-2011-2407.json | 150 ++++-----
2011/2xxx/CVE-2011-2501.json | 340 ++++++++++-----------
2011/2xxx/CVE-2011-2880.json | 160 +++++-----
2011/3xxx/CVE-2011-3159.json | 130 ++++----
2011/3xxx/CVE-2011-3292.json | 34 +--
2013/0xxx/CVE-2013-0346.json | 130 ++++----
2013/0xxx/CVE-2013-0359.json | 130 ++++----
2013/0xxx/CVE-2013-0490.json | 130 ++++----
2013/0xxx/CVE-2013-0555.json | 34 +--
2013/0xxx/CVE-2013-0858.json | 150 ++++-----
2013/0xxx/CVE-2013-0896.json | 150 ++++-----
2013/0xxx/CVE-2013-0923.json | 160 +++++-----
2013/1xxx/CVE-2013-1083.json | 130 ++++----
2013/1xxx/CVE-2013-1217.json | 120 ++++----
2013/1xxx/CVE-2013-1695.json | 170 +++++------
2013/1xxx/CVE-2013-1899.json | 290 +++++++++---------
2013/3xxx/CVE-2013-3467.json | 150 ++++-----
2013/4xxx/CVE-2013-4146.json | 34 +--
2013/4xxx/CVE-2013-4494.json | 200 ++++++------
2013/4xxx/CVE-2013-4825.json | 130 ++++----
2013/4xxx/CVE-2013-4918.json | 34 +--
2013/5xxx/CVE-2013-5309.json | 140 ++++-----
2017/12xxx/CVE-2017-12161.json | 132 ++++----
2017/12xxx/CVE-2017-12260.json | 140 ++++-----
2017/12xxx/CVE-2017-12343.json | 130 ++++----
2017/12xxx/CVE-2017-12392.json | 34 +--
2017/12xxx/CVE-2017-12642.json | 130 ++++----
2017/13xxx/CVE-2017-13038.json | 180 +++++------
2017/13xxx/CVE-2017-13066.json | 130 ++++----
2017/13xxx/CVE-2017-13207.json | 150 ++++-----
2017/13xxx/CVE-2017-13357.json | 34 +--
2017/13xxx/CVE-2017-13845.json | 34 +--
2017/16xxx/CVE-2017-16031.json | 152 +++++-----
2017/16xxx/CVE-2017-16568.json | 120 ++++----
2017/16xxx/CVE-2017-16788.json | 120 ++++----
2017/16xxx/CVE-2017-16947.json | 34 +--
2017/4xxx/CVE-2017-4005.json | 34 +--
2017/4xxx/CVE-2017-4237.json | 34 +--
2017/4xxx/CVE-2017-4528.json | 34 +--
2017/4xxx/CVE-2017-4961.json | 120 ++++----
2017/4xxx/CVE-2017-4987.json | 130 ++++----
2018/18xxx/CVE-2018-18035.json | 34 +--
2018/18xxx/CVE-2018-18649.json | 130 ++++----
2018/18xxx/CVE-2018-18989.json | 130 ++++----
2018/1xxx/CVE-2018-1573.json | 34 +--
2018/5xxx/CVE-2018-5229.json | 124 ++++----
2018/5xxx/CVE-2018-5359.json | 130 ++++----
2018/5xxx/CVE-2018-5381.json | 224 +++++++-------
2018/5xxx/CVE-2018-5653.json | 130 ++++----
2018/5xxx/CVE-2018-5967.json | 120 ++++----
71 files changed, 4772 insertions(+), 4772 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0031.json b/2001/0xxx/CVE-2001-0031.json
index ee98faf45b3..c24e230f245 100644
--- a/2001/0xxx/CVE-2001-0031.json
+++ b/2001/0xxx/CVE-2001-0031.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001207 BroadVision One-To-One Enterprise Path Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0074.html" - }, - { - "name" : "broadvision-bv1to1-reveal-path(5661)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "broadvision-bv1to1-reveal-path(5661)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5661" + }, + { + "name": "20001207 BroadVision One-To-One Enterprise Path Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0074.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0075.json b/2001/0xxx/CVE-2001-0075.json index 31b5f37eed0..fb952006905 100644 --- a/2001/0xxx/CVE-2001-0075.json +++ b/2001/0xxx/CVE-2001-0075.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001227 [Ksecurity Advisory] main.cgi in technote", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/153212" - }, - { - "name" : "2156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001227 [Ksecurity Advisory] main.cgi in technote", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/153212" + }, + { + "name": "2156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2156" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0111.json b/2001/0xxx/CVE-2001-0111.json index e11edf75998..dcc4d43ac32 100644 --- a/2001/0xxx/CVE-2001-0111.json +++ b/2001/0xxx/CVE-2001-0111.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010114 [MSY] Multiple vulnerabilities in splitvt", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97958269320974&w=2" - }, - { - "name" : "DSA-014-1", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-014" - }, - { - "name" : "splitvt-perserc-format-string(5948)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5948" - }, - { - "name" : "2210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via 
the -rcfile command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010114 [MSY] Multiple vulnerabilities in splitvt", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97958269320974&w=2" + }, + { + "name": "2210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2210" + }, + { + "name": "splitvt-perserc-format-string(5948)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5948" + }, + { + "name": "DSA-014-1", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-014" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0300.json b/2001/0xxx/CVE-2001-0300.json index 5be6a2af614..e716a9973e2 100644 --- a/2001/0xxx/CVE-2001-0300.json +++ b/2001/0xxx/CVE-2001-0300.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001222 vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0434.html" - }, - { - "name" : "VU#610904", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/610904" - }, - { - "name" : "oracle-oidldap-write-permission(5804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable 
permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001222 vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0434.html" + }, + { + "name": "oracle-oidldap-write-permission(5804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5804" + }, + { + "name": "VU#610904", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/610904" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0364.json b/2001/0xxx/CVE-2001-0364.json index fdec0e7420e..92cc9842340 100644 --- a/2001/0xxx/CVE-2001-0364.json +++ b/2001/0xxx/CVE-2001-0364.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010315 Remote DoS attack against SSH Secure Shell for Windows Servers", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98467799732241&w=2" - }, - { - "name" : "2477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2477" - }, - { - "name" : "ssh-ssheloop-dos(6241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2477" + }, + { + "name": "ssh-ssheloop-dos(6241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6241" + }, + { + "name": "20010315 Remote DoS attack against SSH Secure Shell for Windows Servers", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98467799732241&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0483.json b/2001/0xxx/CVE-2001-0483.json index 3ccc3c70448..d01cf538049 100644 --- a/2001/0xxx/CVE-2001-0483.json +++ b/2001/0xxx/CVE-2001-0483.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010324 Raptor 6.5 http vulnerability ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0359.html" - }, - { - "name" : "20010327 RE: Raptor 6.5 http vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/171953" - }, - { - "name" : "2517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010327 RE: Raptor 6.5 http vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/171953" + }, + { + "refsource": "BUGTRAQ", + "name": "20010324 Raptor 6.5 http vulnerability", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0359.html" + }, + { + "name": "2517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2517" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0607.json b/2001/0xxx/CVE-2001-0607.json index 956364530d1..e7199d7b00e 100644 --- a/2001/0xxx/CVE-2001-0607.json +++ b/2001/0xxx/CVE-2001-0607.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0103-145", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q1/0080.html" - }, - { - "name" : "oval:org.mitre.oval:def:5621", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5621", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5621" + }, + { + "name": "HPSBUX0103-145", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q1/0080.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0643.json b/2001/0xxx/CVE-2001-0643.json index 0c1095c0ffd..cac734caf60 100644 --- a/2001/0xxx/CVE-2001-0643.json +++ b/2001/0xxx/CVE-2001-0643.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010416 Double clicking on innocent looking files may be dangerous", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/176909" - }, - { - "name" : "http://www.guninski.com/clsidext.html", - "refsource" : "MISC", - "url" : "http://www.guninski.com/clsidext.html" - }, - { - "name" : "http://vil.nai.com/vil/virusSummary.asp?virus_k=99048", - "refsource" : "MISC", - "url" : "http://vil.nai.com/vil/virusSummary.asp?virus_k=99048" - }, - { - "name" : "http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html", - "refsource" : "MISC", - "url" : "http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html" - }, - { - "name" : "2612", - "refsource" : "BID", 
- "url" : "http://www.securityfocus.com/bid/2612" - }, - { - "name" : "7858", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7858" - }, - { - "name" : "ie-clsid-execute-files(6426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ie-clsid-execute-files(6426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6426" + }, + { + "name": "http://www.guninski.com/clsidext.html", + "refsource": "MISC", + "url": "http://www.guninski.com/clsidext.html" + }, + { + "name": "http://vil.nai.com/vil/virusSummary.asp?virus_k=99048", + "refsource": "MISC", + "url": "http://vil.nai.com/vil/virusSummary.asp?virus_k=99048" + }, + { + "name": "http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html", + "refsource": "MISC", + "url": "http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html" + }, + { + "name": "2612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2612" + }, + { + "name": "20010416 Double clicking on innocent looking files may be dangerous", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/176909" + }, + { + "name": "7858", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7858" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2330.json b/2006/2xxx/CVE-2006-2330.json index 9a206937d7e..dde105eb2f1 100644 
--- a/2006/2xxx/CVE-2006-2330.json +++ b/2006/2xxx/CVE-2006-2330.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in \".php.gif\" and contains PHP code in EXIF metadata." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060508 PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433277/100/0/threaded" - }, - { - "name" : "http://www.php-fusion.co.uk/news.php", - "refsource" : "CONFIRM", - "url" : "http://www.php-fusion.co.uk/news.php" - }, - { - "name" : "17898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17898" - }, - { - "name" : "ADV-2006-1735", - "refsource" : "VUPEN", 
- "url" : "http://www.vupen.com/english/advisories/2006/1735" - }, - { - "name" : "25537", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25537" - }, - { - "name" : "19992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19992" - }, - { - "name" : "873", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/873" - }, - { - "name" : "phpfusion-avatar-extensions-code-execution(26388)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in \".php.gif\" and contains PHP code in EXIF metadata." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "873", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/873" + }, + { + "name": "http://www.php-fusion.co.uk/news.php", + "refsource": "CONFIRM", + "url": "http://www.php-fusion.co.uk/news.php" + }, + { + "name": "phpfusion-avatar-extensions-code-execution(26388)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26388" + }, + { + "name": "25537", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25537" + }, + { + "name": "20060508 PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433277/100/0/threaded" + }, + { + "name": "19992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19992" + }, + { + "name": "17898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17898" + }, + { + "name": "ADV-2006-1735", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1735" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2989.json b/2006/2xxx/CVE-2006-2989.json index ff6c554daf2..f22727f7151 100644 --- a/2006/2xxx/CVE-2006-2989.json +++ b/2006/2xxx/CVE-2006-2989.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/asp-listpics-43-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/asp-listpics-43-xss-vuln.html" - }, - { - "name" : "18438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18438" - }, - { - "name" : "ADV-2006-2250", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2250" - }, - { - "name" : "20517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20517" - }, - { - "name" : "asplist-listpics-xss(27068)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2250", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2250" + }, + { + "name": "asplist-listpics-xss(27068)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27068" + }, + { + "name": "18438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18438" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/asp-listpics-43-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/asp-listpics-43-xss-vuln.html" + }, + { + "name": "20517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20517" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1116.json b/2008/1xxx/CVE-2008-1116.json index 8bfbd3bf56a..04c82ce0f6f 100644 --- a/2008/1xxx/CVE-2008-1116.json +++ b/2008/1xxx/CVE-2008-1116.json 
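Review bot: The `reference_data` array in this hunk holds the same five entries as before, only in a different order, and the new file ends without a trailing newline (`\ No newline at end of file` follows the closing `+}`). Together with the `" : "` to `": "` reflow, this makes every line of the record show as changed although no value differs, which is how a real edit gets overlooked in a bulk sync commit. I would have whatever tool writes these files keep the existing array order (or sort on a fixed key such as `refsource` then `name`) and end each file with a newline. The same applies to the hunks for CVE-2008-1116, CVE-2008-1327, CVE-2008-5204, CVE-2008-5413, CVE-2008-5426 and CVE-2008-5515; the CVE-2008-5661 hunk keeps its reference order but also loses the final newline.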
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5188", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5188" - }, - { - "name" : "27997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27997" - }, - { - "name" : "ADV-2008-0683", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0683/references" - }, - { - "name" : "29109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29109" - }, - { - "name" : "risingonline-webscan-code-execution(40838)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40838" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27997" + }, + { + "name": "risingonline-webscan-code-execution(40838)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40838" + }, + { + "name": "ADV-2008-0683", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0683/references" + }, + { + "name": "29109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29109" + }, + { + "name": "5188", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5188" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1327.json b/2008/1xxx/CVE-2008-1327.json index 8ee63490152..bbe02bb6b57 100644 --- a/2008/1xxx/CVE-2008-1327.json +++ b/2008/1xxx/CVE-2008-1327.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28163.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28163.html" - }, - { - "name" : "28163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28163" - }, - { - "name" : "29399", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29399" - }, - { - "name" : "gallarific-index-users-auth-bypass(41106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28163" + }, + { + "name": "gallarific-index-users-auth-bypass(41106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41106" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28163.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28163.html" + }, + { + "name": "29399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29399" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5204.json b/2008/5xxx/CVE-2008-5204.json index 8da506afc5a..0a94890a7a1 100644 --- a/2008/5xxx/CVE-2008-5204.json +++ b/2008/5xxx/CVE-2008-5204.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5962", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5962" - }, - { - "name" : "29993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29993" - }, - { - "name" : "poweraward-lang-file-include(43463)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29993" + }, + { + "name": "5962", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5962" + }, + { + "name": "poweraward-lang-file-include(43463)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43463" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5413.json b/2008/5xxx/CVE-2008-5413.json index e0e65bb1099..bdb0b3af953 100644 --- a/2008/5xxx/CVE-2008-5413.json +++ b/2008/5xxx/CVE-2008-5413.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PK63886", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63886" - }, - { - "name" : "32679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32679" - }, - { - "name" : "ADV-2008-3370", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3370" - }, - { - "name" : "ADV-2009-0423", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0423" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3370", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3370" + }, + { + "name": "32679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32679" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + }, + { + "name": "PK63886", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63886" + }, + { + "name": "ADV-2009-0423", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0423" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5426.json b/2008/5xxx/CVE-2008-5426.json index 9797d4e89c8..857e3b54e9d 100644 --- a/2008/5xxx/CVE-2008-5426.json +++ b/2008/5xxx/CVE-2008-5426.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 DoS attacks on MIME-capable software via complex MIME emails", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499038/100/0/threaded" - }, - { - "name" : "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499045/100/0/threaded" - }, - { - "name" : "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro", - "refsource" : "MISC", - "url" : "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro" 
- }, - { - "name" : "4721", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro", + "refsource": "MISC", + "url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro" + }, + { + "name": "4721", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4721" + }, + { + "name": "20081208 DoS attacks on MIME-capable software via complex MIME emails", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded" + }, + { + "name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5515.json b/2008/5xxx/CVE-2008-5515.json index ffa43aa19b5..1bdff41e0f8 100644 --- a/2008/5xxx/CVE-2008-5515.json +++ b/2008/5xxx/CVE-2008-5515.json 
@@ -1,272 +1,272 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504170/100/0/threaded" - }, - { - "name" : "20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504202/100/0/threaded" - }, - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple 
security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://tomcat.apache.org/security-4.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-4.html" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "DSA-2207", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2207" - }, - { - "name" : "FEDORA-2009-11352", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" - }, - { - "name" : "FEDORA-2009-11356", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" - }, - { - "name" : "FEDORA-2009-11374", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" - }, - { - "name" : "HPSBUX02579", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=129070310906557&w=2" - }, - { - "name" : "SSRT100203", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129070310906557&w=2" - }, - { - "name" : "HPSBUX02860", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "SSRT101146", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "HPSBMA02535", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2" - }, - { - "name" : "SSRT100029", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2" - }, - { - "name" : "MDVSA-2009:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" - }, - { - "name" : "MDVSA-2009:138", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" - }, - { - "name" : "MDVSA-2010:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" - }, - { - "name" : "263529", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "SUSE-SR:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" - }, - { - "name" : "JVN#63832775", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN63832775/index.html" - }, - { - "name" : "35263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35263" - }, - { - "name" : "oval:org.mitre.oval:def:10422", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422" - }, - { - "name" : "oval:org.mitre.oval:def:6445", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445" - }, - { - "name" : "oval:org.mitre.oval:def:19452", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452" - }, - { - "name" : "35393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35393" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "35788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35788" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "39317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39317" - }, - { - "name" : "42368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42368" - }, - { - "name" : "44183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44183" - }, - { - "name" : "ADV-2009-1520", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1520" - }, - { - "name" : "ADV-2009-1535", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1535" - }, - { - "name" : "ADV-2009-1856", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1856" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "ADV-2010-3056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the 
RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tomcat.apache.org/security-4.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-4.html" + }, + { + "name": "HPSBMA02535", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2" + }, + { + "name": "39317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39317" + }, + { + "name": "MDVSA-2009:138", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" + }, + { + "name": "ADV-2009-1535", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1535" + }, + { + "name": "FEDORA-2009-11356", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" + }, + { + "name": "DSA-2207", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2207" + }, + { + "name": "JVN#63832775", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN63832775/index.html" + }, + { + "name": "HPSBUX02860", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "ADV-2010-3056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3056" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "35788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35788" 
+ }, + { + "name": "SSRT100029", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2" + }, + { + "name": "20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "35263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35263" + }, + { + "name": "ADV-2009-1520", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1520" + }, + { + "name": "44183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44183" + }, + { + "name": "ADV-2009-1856", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1856" + }, + { + "name": "20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded" + }, + { + "name": "MDVSA-2010:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "42368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42368" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "35393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35393" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": 
"http://support.apple.com/kb/HT4077" + }, + { + "name": "SUSE-SR:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" + }, + { + "name": "FEDORA-2009-11374", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" + }, + { + "name": "oval:org.mitre.oval:def:6445", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "FEDORA-2009-11352", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html", + "refsource": "CONFIRM", + "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "HPSBUX02579", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2" + }, + { + "name": "SSRT101146", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "MDVSA-2009:136", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" + }, + { + "name": "263529", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" + }, + { + "name": "SSRT100203", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2" + }, + { + "name": "oval:org.mitre.oval:def:10422", + "refsource": 
"OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422" + }, + { + "name": "oval:org.mitre.oval:def:19452", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5661.json b/2008/5xxx/CVE-2008-5661.json index 7644c39a8b0..defe116d067 100644 --- a/2008/5xxx/CVE-2008-5661.json +++ b/2008/5xxx/CVE-2008-5661.json 
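Review bot: `"ASSIGNER": "secalert@redhat.com"` replaces `cve@mitre.org` in `CVE_data_meta`, and it is the only value that differs in this record; the description and, as far as I can match them, all 43 references are unchanged. A change of the assigning party is a provenance change, so it deserves its own commit, or at least a line in the commit message, rather than arriving inside a whole-file rewrite titled "-Synchronized-Data.". If the reassignment is intended, the message should say so. If it came from the sync tool, it should be checked against the upstream record before merging.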
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "241126", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241126-1" - }, - { - "name" : "32861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32861" - }, - { - "name" : "1021413", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021413" - }, - { - "name" : "33148", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33148" - }, - { - "name" : "solaris-ipv4-forwarding-dos(47378)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "241126", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-241126-1" + }, + { + "name": "32861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32861" + }, + { + "name": "1021413", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021413" + }, + { + "name": "33148", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33148" + }, + { + "name": "solaris-ipv4-forwarding-dos(47378)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47378" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5726.json b/2008/5xxx/CVE-2008-5726.json index ed8bdd96f28..aba7be93815 100644 --- a/2008/5xxx/CVE-2008-5726.json +++ b/2008/5xxx/CVE-2008-5726.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7565", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7565" - }, - { - "name" : "32993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32993" - }, - { - "name" : "ADV-2008-3507", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3507" - }, - { - "name" : "51023", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51023" - }, - { - "name" : "4810", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to 
execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4810", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4810" + }, + { + "name": "32993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32993" + }, + { + "name": "51023", + "refsource": "OSVDB", + "url": "http://osvdb.org/51023" + }, + { + "name": "7565", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7565" + }, + { + "name": "ADV-2008-3507", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3507" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2076.json b/2011/2xxx/CVE-2011-2076.json index 2d2acebeba8..93183200286 100644 --- a/2011/2xxx/CVE-2011-2076.json +++ b/2011/2xxx/CVE-2011-2076.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetninjas.net/storage/advisories/MediaCast-PWDump-FINAL.txt", - "refsource" : "MISC", - "url" : "http://www.packetninjas.net/storage/advisories/MediaCast-PWDump-FINAL.txt" - }, - { - "name" : "8245", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different vulnerability than 
CVE-2010-0216." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.packetninjas.net/storage/advisories/MediaCast-PWDump-FINAL.txt", + "refsource": "MISC", + "url": "http://www.packetninjas.net/storage/advisories/MediaCast-PWDump-FINAL.txt" + }, + { + "name": "8245", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8245" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2226.json b/2011/2xxx/CVE-2011-2226.json index f426005b2e2..2765784cc78 100644 --- a/2011/2xxx/CVE-2011-2226.json +++ b/2011/2xxx/CVE-2011-2226.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/security/cve/CVE-2011-2226.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2011-2226.html" - }, - { - "name" : "SUSE-SU-2011:0917", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html" - }, - { - "name" : "49236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49236" - }, - { - "name" : "kiwi-pattern-listing-xss(69278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/security/cve/CVE-2011-2226.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2011-2226.html" + }, + { + "name": "49236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49236" + }, + { + "name": "kiwi-pattern-listing-xss(69278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69278" + }, + { + "name": "SUSE-SU-2011:0917", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2252.json b/2011/2xxx/CVE-2011-2252.json index ca44f5958bb..faf67d34924 100644 --- a/2011/2xxx/CVE-2011-2252.json +++ b/2011/2xxx/CVE-2011-2252.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2261." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown 
vectors, a different vulnerability than CVE-2011-2261." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2407.json b/2011/2xxx/CVE-2011-2407.json index 7d13c216716..19fdda6ceb4 100644 --- a/2011/2xxx/CVE-2011-2407.json +++ b/2011/2xxx/CVE-2011-2407.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to obtain access via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-2407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02695", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131292748121409&w=2" - }, - { - "name" : "SSRT100480", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131292748121409&w=2" - }, - { - "name" : "49096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49096" - }, - { - "name" : "8333", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to obtain 
access via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8333", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8333" + }, + { + "name": "SSRT100480", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131292748121409&w=2" + }, + { + "name": "HPSBMU02695", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131292748121409&w=2" + }, + { + "name": "49096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49096" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2501.json b/2011/2xxx/CVE-2011-2501.json index 5f1332f3b41..0ed5750ba13 100644 --- a/2011/2xxx/CVE-2011-2501.json +++ b/2011/2xxx/CVE-2011-2501.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 CVE request for libpng regression (CVE-2004-0421)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/13" - }, - { - "name" : "[oss-security] 20110628 Re: CVE request for libpng regression (CVE-2004-0421)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/28/16" - }, - { - "name" : 
"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=65e6d5a34f49acdb362a0625a706c6b914e670af", - "refsource" : "CONFIRM", - "url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=65e6d5a34f49acdb362a0625a706c6b914e670af" - }, - { - "name" : "http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=717084", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=717084" - }, - { - "name" : "DSA-2287", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2287" - }, - { - "name" : "FEDORA-2011-9336", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" - }, - { - "name" : "FEDORA-2011-8868", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html" - }, - { - "name" : "GLSA-201206-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-15.xml" - }, - { - "name" : "MDVSA-2011:151", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" - }, - { - "name" : "RHSA-2011:1105", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1105.html" - }, - { - "name" : "SSA:2011-210-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.617466" - }, - { - "name" : "USN-1175-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1175-1" - }, - { - "name" : "48474", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/48474" - }, - { - "name" : "45046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45046" - }, - { - "name" : "45405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45405" - }, - { - "name" : "45415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45415" - }, - { - "name" : "45460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45460" - }, - { - "name" : "45486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45486" - }, - { - "name" : "45492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45492" - }, - { - "name" : "45289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45289" - }, - { - "name" : "49660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49660" - }, - { - "name" : "libpng-pngerror-dos(68517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49660" + }, + { + "name": "45046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45046" + }, + { + "name": "USN-1175-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1175-1" + }, + { + "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=65e6d5a34f49acdb362a0625a706c6b914e670af", + "refsource": "CONFIRM", + "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=65e6d5a34f49acdb362a0625a706c6b914e670af" + }, + { + "name": "MDVSA-2011:151", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" + }, + { + "name": "48474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48474" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=717084", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717084" + }, + { + "name": "SSA:2011-210-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.617466" + }, + { + "name": "GLSA-201206-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" + }, + { + "name": "[oss-security] 20110627 CVE request for libpng regression (CVE-2004-0421)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/13" + }, + { + "name": "FEDORA-2011-8868", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html" + }, + { + "name": "libpng-pngerror-dos(68517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68517" + }, + { + "name": "45289", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/45289" + }, + { + "name": "FEDORA-2011-9336", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" + }, + { + "name": "DSA-2287", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2287" + }, + { + "name": "http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement" + }, + { + "name": "45405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45405" + }, + { + "name": "RHSA-2011:1105", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1105.html" + }, + { + "name": "[oss-security] 20110628 Re: CVE request for libpng regression (CVE-2004-0421)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/28/16" + }, + { + "name": "45460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45460" + }, + { + "name": "45486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45486" + }, + { + "name": "45492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45492" + }, + { + "name": "45415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45415" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2880.json b/2011/2xxx/CVE-2011-2880.json index 1bcd8182117..82c3816b478 100644 --- a/2011/2xxx/CVE-2011-2880.json +++ b/2011/2xxx/CVE-2011-2880.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=97451", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=97451" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=97520", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=97520" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=97615", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=97615" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : 
"http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14319", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=97520", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=97520" + }, + { + "name": "oval:org.mitre.oval:def:14319", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14319" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=97451", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=97451" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=97615", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=97615" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3159.json b/2011/3xxx/CVE-2011-3159.json index ef61af2c06b..65bbbc278bc 100644 --- a/2011/3xxx/CVE-2011-3159.json +++ b/2011/3xxx/CVE-2011-3159.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1227." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-3159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03058866", - "refsource" : "CONFIRM", - "url" : "https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03058866" - }, - { - "name" : "1026195", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1227." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03058866", + "refsource": "CONFIRM", + "url": "https://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03058866" + }, + { + "name": "1026195", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026195" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3292.json b/2011/3xxx/CVE-2011-3292.json index faaa12fa79e..d2cf73f8724 100644 --- a/2011/3xxx/CVE-2011-3292.json +++ b/2011/3xxx/CVE-2011-3292.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3292", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3292", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0346.json b/2013/0xxx/CVE-2013-0346.json index e13572f4608..b31b1a8d9eb 100644 --- a/2013/0xxx/CVE-2013-0346.json +++ b/2013/0xxx/CVE-2013-0346.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated \"The tomcat log directory does not contain any sensitive information.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130222 Re: Cve request: tomcat world-readable logdir", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/23/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=924841", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=924841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local 
users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated \"The tomcat log directory does not contain any sensitive information.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=924841", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924841" + }, + { + "name": "[oss-security] 20130222 Re: Cve request: tomcat world-readable logdir", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/23/5" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0359.json b/2013/0xxx/CVE-2013-0359.json index 68e9615ad5e..0c1f81227cf 100644 --- a/2013/0xxx/CVE-2013-0359.json +++ b/2013/0xxx/CVE-2013-0359.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the APM - Application Performance Management component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Business Transaction Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the APM - Application Performance Management component in Oracle Enterprise Manager Grid 
Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Business Transaction Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0490.json b/2013/0xxx/CVE-2013-0490.json index 738632d1684..cc50788596b 100644 --- a/2013/0xxx/CVE-2013-0490.json +++ b/2013/0xxx/CVE-2013-0490.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626276", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626276" - }, - { - "name" : "ibm-zos-priv-esc(81948)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to gain privileges via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626276", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626276" + }, + { + "name": "ibm-zos-priv-esc(81948)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81948" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0555.json b/2013/0xxx/CVE-2013-0555.json index f9b7da73f66..905ce3ae154 100644 --- a/2013/0xxx/CVE-2013-0555.json +++ b/2013/0xxx/CVE-2013-0555.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0555", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0555", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0858.json b/2013/0xxx/CVE-2013-0858.json index c94d887f853..ead4da88dff 100644 --- a/2013/0xxx/CVE-2013-0858.json +++ b/2013/0xxx/CVE-2013-0858.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2502914c5f8eb77659d7c0868396862557a63245", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2502914c5f8eb77659d7c0868396862557a63245" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - }, - { - "name" : "DSA-2793", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2013/dsa-2793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2793", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2793" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2502914c5f8eb77659d7c0868396862557a63245", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2502914c5f8eb77659d7c0868396862557a63245" + }, + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0896.json b/2013/0xxx/CVE-2013-0896.json index d3a4fcc3fb1..d839fffc650 100644 --- a/2013/0xxx/CVE-2013-0896.json +++ b/2013/0xxx/CVE-2013-0896.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=166708", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=166708" - }, - { - "name" : "openSUSE-SU-2013:0454", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" - }, - { - "name" : "oval:org.mitre.oval:def:16656", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" + }, + { + "name": "openSUSE-SU-2013:0454", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" + }, + { + "name": "oval:org.mitre.oval:def:16656", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16656" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=166708", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=166708" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0923.json b/2013/0xxx/CVE-2013-0923.json index f68fd75c4e8..bd62e425790 100644 --- a/2013/0xxx/CVE-2013-0923.json +++ b/2013/0xxx/CVE-2013-0923.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=169765", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=169765" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=169972", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=169972" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=169981", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=169981" - }, - { - "name" : 
"oval:org.mitre.oval:def:16671", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=169765", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=169765" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=169972", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=169972" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=169981", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=169981" + }, + { + "name": "oval:org.mitre.oval:def:16671", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16671" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1083.json b/2013/1xxx/CVE-2013-1083.json index 07d73e47fc9..0d47ab214da 100644 --- a/2013/1xxx/CVE-2013-1083.json +++ b/2013/1xxx/CVE-2013-1083.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download.novell.com/Download?buildid=nbGXg-msbmw~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=nbGXg-msbmw~" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=807193", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=807193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.novell.com/Download?buildid=nbGXg-msbmw~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=nbGXg-msbmw~" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=807193", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=807193" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1217.json b/2013/1xxx/CVE-2013-1217.json index 55d686734a4..afe7fd7247c 100644 --- a/2013/1xxx/CVE-2013-1217.json +++ b/2013/1xxx/CVE-2013-1217.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130419 Generic Input/Output SNMP Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130419 Generic Input/Output SNMP Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1217" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1695.json b/2013/1xxx/CVE-2013-1695.json index 37bcd1da360..05c4e16148a 100644 --- a/2013/1xxx/CVE-2013-1695.json +++ b/2013/1xxx/CVE-2013-1695.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-57.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-57.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=849791", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=849791" - }, - { - "name" : "openSUSE-SU-2013:1140", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:1142", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" - }, - { - "name" : 
"USN-1890-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1890-1" - }, - { - "name" : "oval:org.mitre.oval:def:16433", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1890-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1890-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-57.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-57.html" + }, + { + "name": "oval:org.mitre.oval:def:16433", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16433" + }, + { + "name": "openSUSE-SU-2013:1142", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" + }, + { + "name": "openSUSE-SU-2013:1140", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=849791", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=849791" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1899.json b/2013/1xxx/CVE-2013-1899.json index 2946347c58d..4db05fb4ceb 100644 
--- a/2013/1xxx/CVE-2013-1899.json +++ b/2013/1xxx/CVE-2013-1899.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a \"-\" (hyphen)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.postgresql.org/about/news/1456/", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news/1456/" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-9-0-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-9-0-13.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-9-1-9.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-9-1-9.html" - }, - { - "name" : 
"http://www.postgresql.org/docs/current/static/release-9-2-4.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-9-2-4.html" - }, - { - "name" : "http://www.postgresql.org/support/security/faq/2013-04-04/", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/support/security/faq/2013-04-04/" - }, - { - "name" : "http://support.apple.com/kb/HT5880", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5880" - }, - { - "name" : "http://support.apple.com/kb/HT5892", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5892" - }, - { - "name" : "APPLE-SA-2013-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" - }, - { - "name" : "APPLE-SA-2013-09-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html" - }, - { - "name" : "DSA-2658", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2658" - }, - { - "name" : "FEDORA-2013-5000", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html" - }, - { - "name" : "FEDORA-2013-6148", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html" - }, - { - "name" : "MDVSA-2013:142", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:142" - }, - { - "name" : "SUSE-SU-2013:0633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html" - }, - { - "name" : "openSUSE-SU-2013:0627", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0628", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html" - }, - { - "name" : 
"openSUSE-SU-2013:0635", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html" - }, - { - "name" : "USN-1789-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1789-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a \"-\" (hyphen)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.postgresql.org/docs/current/static/release-9-2-4.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-4.html" + }, + { + "name": "http://www.postgresql.org/about/news/1456/", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news/1456/" + }, + { + "name": "openSUSE-SU-2013:0628", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html" + }, + { + "name": "openSUSE-SU-2013:0635", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html" + }, + { + "name": "http://www.postgresql.org/support/security/faq/2013-04-04/", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/support/security/faq/2013-04-04/" + }, + { + "name": "MDVSA-2013:142", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:142" + }, + { + "name": "http://support.apple.com/kb/HT5892", + "refsource": "CONFIRM", + 
"url": "http://support.apple.com/kb/HT5892" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-9-0-13.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-13.html" + }, + { + "name": "USN-1789-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1789-1" + }, + { + "name": "APPLE-SA-2013-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" + }, + { + "name": "FEDORA-2013-6148", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html" + }, + { + "name": "APPLE-SA-2013-09-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-9-1-9.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-9.html" + }, + { + "name": "SUSE-SU-2013:0633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html" + }, + { + "name": "DSA-2658", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2658" + }, + { + "name": "openSUSE-SU-2013:0627", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html" + }, + { + "name": "FEDORA-2013-5000", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html" + }, + { + "name": "http://support.apple.com/kb/HT5880", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5880" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3467.json b/2013/3xxx/CVE-2013-3467.json index 868fd82db81..f3d392cda8e 100644 --- a/2013/3xxx/CVE-2013-3467.json +++ b/2013/3xxx/CVE-2013-3467.json 
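Review bot: The only semantic change in the CVE-2013-1899 hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org`, is buried in a full-file rewrite, because every line is re-indented, the key separator changes, and `reference_data` is emitted in a different order with the same entries. For a feed that downstream tooling trusts for attribution, the sync should emit references in a stable order (for example sorted by `url`) and land pure formatting changes separately, so that a changed assigner or a dropped reference is visible on review. The CVE-2013-3467, CVE-2013-4494 and CVE-2013-4825 hunks have the same problem: each changes `ASSIGNER` and reorders references. The rewritten files also end without a trailing newline.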
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of service (memory consumption and device reset) via a (1) \"show monitor session all\" or (2) \"show monitor session\" command, aka Bug ID CSCug20103." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130829 Cisco UCS 6100 Fabric Interconnect Memory Leak", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3467" - }, - { - "name" : "62065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62065" - }, - { - "name" : "96731", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96731" - }, - { - "name" : "1028960", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of service (memory consumption and device reset) via a (1) \"show monitor session all\" or (2) \"show monitor session\" command, aka Bug ID CSCug20103." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130829 Cisco UCS 6100 Fabric Interconnect Memory Leak", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3467" + }, + { + "name": "62065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62065" + }, + { + "name": "1028960", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028960" + }, + { + "name": "96731", + "refsource": "OSVDB", + "url": "http://osvdb.org/96731" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4146.json b/2013/4xxx/CVE-2013-4146.json index 2ccad9a1fd0..defea2b4e31 100644 --- a/2013/4xxx/CVE-2013-4146.json +++ b/2013/4xxx/CVE-2013-4146.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4146", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4146", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4494.json b/2013/4xxx/CVE-2013-4494.json index b487beb3070..7121a8ba912 100644 --- a/2013/4xxx/CVE-2013-4494.json +++ b/2013/4xxx/CVE-2013-4494.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131101 Re: Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/01/3" - }, - { - "name" : "[oss-security] 20131101 Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/01/2" - }, - { - "name" : "DSA-3006", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3006" - }, - { - "name" : "GLSA-201407-03", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-201407-03.xml" - }, - { - "name" : "RHSA-2014:0108", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0108.html" - }, - { - "name" : "openSUSE-SU-2013:1876", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html" - }, - { - "name" : "SUSE-SU-2014:0411", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" - }, - { - "name" : "SUSE-SU-2014:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" - }, - { - "name" : "SUSE-SU-2014:0470", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2014:0470", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" + }, + { + "name": "[oss-security] 20131101 Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/01/2" + }, + { + "name": "[oss-security] 20131101 Re: Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/01/3" + }, + { + "name": "RHSA-2014:0108", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0108.html" + }, + { + "name": "GLSA-201407-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml" + }, + { + "name": "SUSE-SU-2014:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + }, + { + "name": "DSA-3006", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3006" + }, + { + "name": "SUSE-SU-2014:0411", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" + }, + { + "name": "openSUSE-SU-2013:1876", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4825.json b/2013/4xxx/CVE-2013-4825.json index ff3606757ae..2115faa7795 100644 --- a/2013/4xxx/CVE-2013-4825.json +++ b/2013/4xxx/CVE-2013-4825.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02930", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547" - }, - { - "name" : "SSRT101028", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101028", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547" + }, + { + "name": "HPSBGN02930", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4918.json b/2013/4xxx/CVE-2013-4918.json index fbdba484bb0..15891ead7e8 100644 --- a/2013/4xxx/CVE-2013-4918.json +++ b/2013/4xxx/CVE-2013-4918.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4918", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4918", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5309.json b/2013/5xxx/CVE-2013-5309.json index 72771f93915..79516d7a98e 100644 --- a/2013/5xxx/CVE-2013-5309.json +++ b/2013/5xxx/CVE-2013-5309.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/p/fudforum/code/5589/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/fudforum/code/5589/" - }, - { - "name" : "54293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54293" - }, - { - "name" : "fudforum-index-xss(86030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/p/fudforum/code/5589/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/fudforum/code/5589/" + }, + { + "name": "54293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54293" + }, + { + "name": "fudforum-index-xss(86030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12161.json b/2017/12xxx/CVE-2017-12161.json index 99df680332f..dbf3217a1e7 100644 --- a/2017/12xxx/CVE-2017-12161.json +++ b/2017/12xxx/CVE-2017-12161.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2018-02-16T00:00:00", - "ID" : "CVE-2017-12161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Keycloak", - "version" : { - "version_data" : [ - { - "version_value" : "before 3.4.2.Final" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-602" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2018-02-16T00:00:00", + "ID": "CVE-2017-12161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Keycloak", + "version": { + "version_data": [ + { + "version_value": "before 3.4.2.Final" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484564", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484564" - }, - { - "name" : "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770", - "refsource" : "CONFIRM", - "url" : "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-602" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484564", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484564" + }, + { + "name": "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770", + "refsource": "CONFIRM", + "url": "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12260.json b/2017/12xxx/CVE-2017-12260.json index 525d2cbc549..653ae050c72 100644 --- a/2017/12xxx/CVE-2017-12260.json +++ b/2017/12xxx/CVE-2017-12260.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones", + "version": { + "version_data": [ + { + "version_value": "Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1" - }, - { - "name" : "101495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101495" - }, - { - "name" : "1039616", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. 
This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101495" + }, + { + "name": "1039616", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039616" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12343.json b/2017/12xxx/CVE-2017-12343.json index eddeee680a8..c94567dd158 100644 --- a/2017/12xxx/CVE-2017-12343.json +++ b/2017/12xxx/CVE-2017-12343.json 
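Review bot: The `affects` block of CVE-2017-12260 still carries `"vendor_name": "n/a"` and a `version_value` that repeats the product name, although the description in the same record names Cisco and firmware release 7.6.2SR1 or earlier. Consumers that match on vendor, product and version cannot derive the affected range from these fields and have to parse the free-text description instead. If the assigner's data allows it, the record should carry something like `"vendor_name": "Cisco"` and `"version_value": "7.6.2SR1 and earlier"`; both values are inferred from the description here and need confirming with the CNA. The CVE-2017-12343 section that follows repeats the product name in `version_value` in the same way.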
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Data Center Network Manager Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Data Center Network Manager Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Data Center Network Manager Software", + "version": { + "version_data": [ + { + "version_value": "Cisco Data Center Network Manager Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm" - }, - { - "name" : "101996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101996" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12392.json b/2017/12xxx/CVE-2017-12392.json index 24234f1110d..2fb28238261 100644 --- a/2017/12xxx/CVE-2017-12392.json +++ b/2017/12xxx/CVE-2017-12392.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12392", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12392", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12642.json b/2017/12xxx/CVE-2017-12642.json index ff005711b1c..ccf98e6e48e 100644 --- a/2017/12xxx/CVE-2017-12642.json +++ b/2017/12xxx/CVE-2017-12642.json 
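Review bot: The new side of CVE-2017-12343.json ends without a line terminator: the closing `+}` is followed by `\ No newline at end of file`, while the removed `-}` has no such marker. The same marker follows the closing brace of every other file section visible in this part of the patch (CVE-2017-12260 through CVE-2017-4961), so this looks like a property of the serializer rather than of one record. Having the writer emit a final `\n` after the last `}` keeps later diffs free of this marker and keeps the records safe for tools that concatenate or count them by line.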
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\\mpc.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/552", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/552" - }, - { - "name" : "100159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\\mpc.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/552", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/552" + }, + { + "name": "100159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100159" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13038.json b/2017/13xxx/CVE-2017-13038.json index 4e3a8373ac9..bb9b365607f 100644 --- a/2017/13xxx/CVE-2017-13038.json +++ b/2017/13xxx/CVE-2017-13038.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6099a157747241629", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6099a157747241629" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6099a157747241629", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6099a157747241629" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13066.json b/2017/13xxx/CVE-2017-13066.json index d4ef10208bf..5a0c4c30516 100644 --- a/2017/13xxx/CVE-2017-13066.json +++ b/2017/13xxx/CVE-2017-13066.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/430/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/430/" - }, - { - "name" : "100463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/430/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/430/" + }, + { + "name": "100463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100463" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13207.json b/2017/13xxx/CVE-2017-13207.json index 43b583af1fb..7e67f99c9bc 100644 --- a/2017/13xxx/CVE-2017-13207.json +++ b/2017/13xxx/CVE-2017-13207.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-13207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-13207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" - }, - { - "name" : "102526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" + }, + { + "name": "102526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102526" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13357.json b/2017/13xxx/CVE-2017-13357.json index 39d9e5d7e3d..c69f1ced275 100644 --- a/2017/13xxx/CVE-2017-13357.json +++ b/2017/13xxx/CVE-2017-13357.json 
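Review bot: The `ASSIGNER` value in CVE-2017-13207.json changes from `security@google.com` to `security@android.com`, which is a data change inside a hunk that otherwise only re-indents and drops the space before each colon. The commit subject visible here ("-Synchronized-Data.") does not mention it, and anything that groups or filters records by assigner address would presumably attribute this record differently afterwards. If the new address is intended, it deserves its own line in the commit message or a separate commit; if it is not, the line should remain `"ASSIGNER": "security@google.com",`.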
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13357", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13357", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13845.json b/2017/13xxx/CVE-2017-13845.json index 474ca7392f0..d120554766d 100644 --- a/2017/13xxx/CVE-2017-13845.json +++ b/2017/13xxx/CVE-2017-13845.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13845", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13845", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16031.json b/2017/16xxx/CVE-2017-16031.json index bbd8e7bb2ac..34c28e72956 100644 --- a/2017/16xxx/CVE-2017-16031.json +++ b/2017/16xxx/CVE-2017-16031.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "socket.io node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=0.9.6" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Account Hijacking" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "socket.io node module", + "version": { + "version_data": [ + { + "version_value": "<=0.9.6" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/socketio/socket.io/commit/67b4eb9abdf111dfa9be4176d1709374a2b4ded8", - "refsource" : "MISC", - "url" : "https://github.com/socketio/socket.io/commit/67b4eb9abdf111dfa9be4176d1709374a2b4ded8" - }, - { - "name" : "https://github.com/socketio/socket.io/issues/856", - "refsource" : "MISC", - "url" : "https://github.com/socketio/socket.io/issues/856" - }, - { - "name" : 
"https://github.com/socketio/socket.io/pull/857", - "refsource" : "MISC", - "url" : "https://github.com/socketio/socket.io/pull/857" - }, - { - "name" : "https://nodesecurity.io/advisories/321", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Account Hijacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/socketio/socket.io/commit/67b4eb9abdf111dfa9be4176d1709374a2b4ded8", + "refsource": "MISC", + "url": "https://github.com/socketio/socket.io/commit/67b4eb9abdf111dfa9be4176d1709374a2b4ded8" + }, + { + "name": "https://github.com/socketio/socket.io/issues/856", + "refsource": "MISC", + "url": "https://github.com/socketio/socket.io/issues/856" + }, + { + "name": "https://github.com/socketio/socket.io/pull/857", + "refsource": "MISC", + "url": "https://github.com/socketio/socket.io/pull/857" + }, + { + "name": "https://nodesecurity.io/advisories/321", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/321" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16568.json b/2017/16xxx/CVE-2017-16568.json index 60370495e5f..9432e53a222 100644 --- a/2017/16xxx/CVE-2017-16568.json +++ b/2017/16xxx/CVE-2017-16568.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43123", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43123/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43123", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43123/" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/16xxx/CVE-2017-16788.json b/2017/16xxx/CVE-2017-16788.json index 8290d9efc6b..c2e2209dd5b 100644 --- a/2017/16xxx/CVE-2017-16788.json +++ b/2017/16xxx/CVE-2017-16788.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the \"Upload Groupkey\" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20171212 Meinberg LANTIME Web Configuration Utility - Arbitrary File Upload", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Dec/32" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the \"Upload Groupkey\" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User 
access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20171212 Meinberg LANTIME Web Configuration Utility - Arbitrary File Upload", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Dec/32" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16947.json b/2017/16xxx/CVE-2017-16947.json index 30830fd4d11..5626c5a7bfe 100644 --- a/2017/16xxx/CVE-2017-16947.json +++ b/2017/16xxx/CVE-2017-16947.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16947", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16947", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4005.json b/2017/4xxx/CVE-2017-4005.json index ab3dccd0170..effe7a093ac 100644 --- a/2017/4xxx/CVE-2017-4005.json +++ b/2017/4xxx/CVE-2017-4005.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4005", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4005", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4237.json b/2017/4xxx/CVE-2017-4237.json index 32bf9e79e70..c2c6fd063d9 100644 --- a/2017/4xxx/CVE-2017-4237.json +++ b/2017/4xxx/CVE-2017-4237.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4237", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4237", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4528.json b/2017/4xxx/CVE-2017-4528.json index 25332432623..1acf5410093 100644 --- a/2017/4xxx/CVE-2017-4528.json +++ b/2017/4xxx/CVE-2017-4528.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4528", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4528", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4961.json b/2017/4xxx/CVE-2017-4961.json index bf90e4fc7be..02169a916e8 100644 --- a/2017/4xxx/CVE-2017-4961.json +++ b/2017/4xxx/CVE-2017-4961.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Foundry Foundation BOSH Release", - "version" : { - "version_data" : [ - { - "version_value" : "Cloud Foundry Foundation BOSH Release" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka \"BOSH Director Shell Injection Vulnerabilities.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "BOSH Director Shell Injection Vulnerabilities" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Foundry Foundation BOSH Release", + "version": { + "version_data": [ + { + "version_value": "Cloud Foundry Foundation BOSH Release" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/cve-2017-4961/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/cve-2017-4961/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 
260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka \"BOSH Director Shell Injection Vulnerabilities.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "BOSH Director Shell Injection Vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/cve-2017-4961/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/cve-2017-4961/" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4987.json b/2017/4xxx/CVE-2017-4987.json index 11ed8611320..a92a45ec100 100644 --- a/2017/4xxx/CVE-2017-4987.json +++ b/2017/4xxx/CVE-2017-4987.json 
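Review bot: The `version_value` kept on the new side of the CVE-2017-4961 record is just the product name again (`"version_value": "Cloud Foundry Foundation BOSH Release"`) and `vendor_name` is `"n/a"`, so the structured `affects` block carries no version information at all. The affected range exists only in the free-text description ("261.x versions prior to 261.3 and all 260.x versions"), which means scanners or inventory tooling that match on `version_data` cannot decide whether a deployment is affected. Because this sync only normalises whitespace, the gap is carried over unchanged; a follow-up could record the range in the structured field, e.g. `"version_value": "261.x prior to 261.3, all 260.x"`, and set `vendor_name` to the vendor named in the description. The CVE-2017-4987 hunk that follows shows the same pattern (identical `product_name` and `version_value` strings, `vendor_name` of `"n/a"`).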
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC VNX2 versions prior to OE for File 8.1.9.211, EMC VNX1 versions prior to OE for File 7.1.80.8", - "version" : { - "version_data" : [ - { - "version_value" : "EMC VNX2 versions prior to OE for File 8.1.9.211, EMC VNX1 versions prior to OE for File 7.1.80.8" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Uncontrolled search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC VNX2 versions prior to OE for File 8.1.9.211, EMC VNX1 versions prior to OE for File 7.1.80.8", + "version": { + "version_data": [ + { + "version_value": "EMC VNX2 versions prior to OE for File 8.1.9.211, EMC VNX1 versions prior to OE for File 7.1.80.8" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540738/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540738/30/0/threaded" - }, - { - "name" : "99045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/archive/1/540738/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540738/30/0/threaded" + }, + { + "name": "99045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99045" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18035.json b/2018/18xxx/CVE-2018-18035.json index 73b38a0c0b0..528b16682b2 100644 --- a/2018/18xxx/CVE-2018-18035.json +++ b/2018/18xxx/CVE-2018-18035.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18035", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18035", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18649.json b/2018/18xxx/CVE-2018-18649.json index 06fcbb0e226..07f8d03188f 100644 --- a/2018/18xxx/CVE-2018-18649.json +++ b/2018/18xxx/CVE-2018-18649.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/53072", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/53072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53072", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53072" + }, + { + "name": "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18989.json b/2018/18xxx/CVE-2018-18989.json index 9fa7fe15f7c..870121a501d 100644 --- a/2018/18xxx/CVE-2018-18989.json +++ b/2018/18xxx/CVE-2018-18989.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-18989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CX-One (CX-Programmer and CX-Server)", - "version" : { - "version_data" : [ - { - "version_value" : "CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "USE AFTER FREE CWE-416" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-18989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CX-One (CX-Programmer and CX-Server)", + "version": { + "version_data": [ + { + "version_value": "CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01" - }, - { - "name" : "106106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE AFTER FREE CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01" + }, + { + "name": "106106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106106" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/1xxx/CVE-2018-1573.json b/2018/1xxx/CVE-2018-1573.json index b99204fa7af..e8e31ca874e 100644 --- a/2018/1xxx/CVE-2018-1573.json +++ b/2018/1xxx/CVE-2018-1573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5229.json b/2018/5xxx/CVE-2018-5229.json index 351b7529105..d23bf41a1b1 100644 --- a/2018/5xxx/CVE-2018-5229.json +++ b/2018/5xxx/CVE-2018-5229.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-07-16T00:00:00", - "ID" : "CVE-2018-5229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Universal Plugin Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "2.22.9" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-07-16T00:00:00", + "ID": "CVE-2018-5229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Universal Plugin Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.22.9" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ecosystem.atlassian.net/browse/UPM-5871", - "refsource" : "CONFIRM", - "url" : "https://ecosystem.atlassian.net/browse/UPM-5871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows 
remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ecosystem.atlassian.net/browse/UPM-5871", + "refsource": "CONFIRM", + "url": "https://ecosystem.atlassian.net/browse/UPM-5871" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5359.json b/2018/5xxx/CVE-2018-5359.json index 273dda6c791..225c03595f1 100644 --- a/2018/5xxx/CVE-2018-5359.json +++ b/2018/5xxx/CVE-2018-5359.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43588", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43588/" - }, - { - "name" : "http://packetstormsecurity.com/files/145900/SysGauge-Server-3.6.18-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145900/SysGauge-Server-3.6.18-Buffer-Overflow.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43588", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43588/" + }, + { + "name": "http://packetstormsecurity.com/files/145900/SysGauge-Server-3.6.18-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145900/SysGauge-Server-3.6.18-Buffer-Overflow.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5381.json b/2018/5xxx/CVE-2018-5381.json index 67fbb3d0e78..20ba63bfb6b 100644 --- a/2018/5xxx/CVE-2018-5381.json +++ b/2018/5xxx/CVE-2018-5381.json 
@@ -1,114 +1,114 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "DATE_PUBLIC" : "2018-02-15T00:00:00.000Z", - "ID" : "CVE-2018-5381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "bgpd", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "bpgd", - "version_value" : "1.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "Quagga" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of \"Capabilities\" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-228: Improper Handling of Syntactically Invalid Structure" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2018-02-15T00:00:00.000Z", + "ID": "CVE-2018-5381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "bgpd", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "bpgd", + "version_value": "1.2.3" + } + ] + } + } + ] + }, + "vendor_name": 
"Quagga" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" - }, - { - "name" : "http://savannah.nongnu.org/forum/forum.php?forum_id=9095", - "refsource" : "CONFIRM", - "url" : "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" - }, - { - "name" : "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt", - "refsource" : "CONFIRM", - "url" : "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt" - }, - { - "name" : "DSA-4115", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4115" - }, - { - "name" : "GLSA-201804-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-17" - }, - { - "name" : "USN-3573-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3573-1/" - }, - { - "name" : "VU#940439", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/940439" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of \"Capabilities\" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-228: Improper Handling of Syntactically Invalid Structure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt", + "refsource": "CONFIRM", + "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt" + }, + { + "name": "USN-3573-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3573-1/" + }, + { + "name": "DSA-4115", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4115" + }, + { + "name": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095", + "refsource": "CONFIRM", + "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" + }, + { + "name": "GLSA-201804-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-17" + }, + { + "name": "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" + }, + { + "name": "VU#940439", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/940439" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5653.json b/2018/5xxx/CVE-2018-5653.json index 8dac5d86521..05cbe73cba3 100644 --- a/2018/5xxx/CVE-2018-5653.json +++ b/2018/5xxx/CVE-2018-5653.json 
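Review bot: In the CVE-2018-5381 record the version entry uses the key `"affected": "<"`, whereas the CVE-2018-5229 record in this same commit expresses the same comparison as `"version_affected": "<"`. A consumer that looks only for `version_affected` would presumably miss the operator and read `1.2.3` as the affected version rather than "prior to 1.2.3", which inverts the patch-status answer for the fixed release. The adjacent `"version_name": "bpgd"` also looks like a transposition of the `bgpd` used in `product_name` and the description. Both values are carried over unchanged by the reformat; a follow-up could change them to `"version_affected": "<",` and `"version_name": "bgpd",`.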
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9009", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/9009", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9009" + }, + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5967.json b/2018/5xxx/CVE-2018-5967.json index 43e18ccf64f..e122b85a2f1 100644 --- a/2018/5xxx/CVE-2018-5967.json +++ b/2018/5xxx/CVE-2018-5967.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/145513/Netis-WF2419-HTML-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145513/Netis-WF2419-HTML-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145513/Netis-WF2419-HTML-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145513/Netis-WF2419-HTML-Injection.html" + } + ] + } +} \ No newline at end of file