From 521605447ab1ba8ac4dc6de40fd8285d8b51c297 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:08:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0186.json | 120 ++++---- 2001/0xxx/CVE-2001-0791.json | 120 ++++---- 2001/0xxx/CVE-2001-0855.json | 140 +++++----- 2001/0xxx/CVE-2001-0940.json | 190 ++++++------- 2001/1xxx/CVE-2001-1002.json | 150 +++++----- 2008/1xxx/CVE-2008-1048.json | 160 +++++------ 2008/1xxx/CVE-2008-1063.json | 130 ++++----- 2008/1xxx/CVE-2008-1102.json | 260 ++++++++--------- 2008/1xxx/CVE-2008-1202.json | 200 +++++++------- 2008/1xxx/CVE-2008-1703.json | 190 ++++++------- 2008/5xxx/CVE-2008-5148.json | 170 ++++++------ 2008/5xxx/CVE-2008-5361.json | 200 +++++++------- 2008/5xxx/CVE-2008-5695.json | 180 ++++++------ 2011/2xxx/CVE-2011-2184.json | 200 +++++++------- 2011/2xxx/CVE-2011-2895.json | 490 ++++++++++++++++----------------- 2011/2xxx/CVE-2011-2910.json | 34 +-- 2011/2xxx/CVE-2011-2932.json | 250 ++++++++--------- 2013/0xxx/CVE-2013-0810.json | 140 +++++----- 2013/0xxx/CVE-2013-0949.json | 140 +++++----- 2013/1xxx/CVE-2013-1162.json | 120 ++++---- 2013/3xxx/CVE-2013-3164.json | 140 +++++----- 2013/3xxx/CVE-2013-3305.json | 34 +-- 2013/3xxx/CVE-2013-3544.json | 34 +-- 2013/3xxx/CVE-2013-3863.json | 140 +++++----- 2013/4xxx/CVE-2013-4133.json | 34 +-- 2013/4xxx/CVE-2013-4179.json | 140 +++++----- 2013/4xxx/CVE-2013-4807.json | 170 ++++++------ 2013/4xxx/CVE-2013-4853.json | 34 +-- 2017/12xxx/CVE-2017-12044.json | 34 +-- 2017/12xxx/CVE-2017-12363.json | 140 +++++----- 2017/12xxx/CVE-2017-12492.json | 142 +++++----- 2017/12xxx/CVE-2017-12995.json | 180 ++++++------ 2017/13xxx/CVE-2017-13272.json | 156 +++++------ 2017/13xxx/CVE-2017-13294.json | 158 +++++------ 2017/13xxx/CVE-2017-13790.json | 130 ++++----- 2017/16xxx/CVE-2017-16327.json | 34 +-- 2017/16xxx/CVE-2017-16707.json | 34 +-- 2017/16xxx/CVE-2017-16795.json | 34 +-- 2017/16xxx/CVE-2017-16882.json | 120 ++++---- 2017/17xxx/CVE-2017-17206.json | 34 +-- 2017/17xxx/CVE-2017-17289.json | 120 ++++---- 2017/4xxx/CVE-2017-4409.json | 34 +-- 2018/18xxx/CVE-2018-18539.json | 34 +-- 2018/18xxx/CVE-2018-18858.json | 140 +++++----- 2018/1xxx/CVE-2018-1347.json | 186 ++++++------- 2018/1xxx/CVE-2018-1522.json | 226 +++++++-------- 2018/1xxx/CVE-2018-1860.json | 34 +-- 2018/5xxx/CVE-2018-5239.json | 132 ++++----- 2018/5xxx/CVE-2018-5423.json | 34 +-- 2018/5xxx/CVE-2018-5760.json | 34 +-- 50 files changed, 3240 insertions(+), 3240 deletions(-) diff --git a/2001/0xxx/CVE-2001-0186.json b/2001/0xxx/CVE-2001-0186.json index 310a021b2fd..7571e5e6f05 100644 --- a/2001/0xxx/CVE-2001-0186.json +++ b/2001/0xxx/CVE-2001-0186.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010204 Vulnerability in Free Java Web Server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0061.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010204 Vulnerability in Free Java Web Server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0061.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0791.json b/2001/0xxx/CVE-2001-0791.json index 92790c7fe43..34be5c2a3e1 100644 --- a/2001/0xxx/CVE-2001-0791.json +++ b/2001/0xxx/CVE-2001-0791.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010531 [SNS Advisory No.28]InterScan VirusWall for NT remote configuration", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010531 [SNS Advisory No.28]InterScan VirusWall for NT remote configuration", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0855.json b/2001/0xxx/CVE-2001-0855.json index 758c8c63d4b..549dcc70c2e 100644 --- a/2001/0xxx/CVE-2001-0855.json +++ b/2001/0xxx/CVE-2001-0855.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011109 ClearCase db_loader TERM environment variable buffer overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100528623328037&w=2" - }, - { - "name" : "3523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3523" - }, - { - "name" : "clearcase-dbloader-term-bo(7488)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7488.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3523" + }, + { + "name": "clearcase-dbloader-term-bo(7488)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7488.php" + }, + { + "name": "20011109 ClearCase db_loader TERM environment variable buffer overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100528623328037&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0940.json b/2001/0xxx/CVE-2001-0940.json index 47d0e6a56f5..db36c8551d3 100644 --- a/2001/0xxx/CVE-2001-0940.json +++ b/2001/0xxx/CVE-2001-0940.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010921 Check Point FireWall-1 GUI Buffer Overflow", - "refsource" : "WIN2KSEC", - "url" : "http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0151.html" - }, - { - "name" : "20011128 Firewall-1 remote SYSTEM shell buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100698954308436&w=2" - }, - { - "name" : "20010919 Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100094268017271&w=2" - }, - { - "name" : "20011130 Fw: Firewall-1 remote SYSTEM shell buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00291.html" - }, - { - "name" : "20010919 GUI Buffer Overflow", - "refsource" : "CHECKPOINT", - "url" : "http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html" - }, - { - "name" : "3336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3336" - }, - { - "name" : "fw1-log-viewer-bo(7145)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7145" - }, - { - "name" : "1951", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1951", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1951" + }, + { + "name": "20010919 GUI Buffer Overflow", + "refsource": "CHECKPOINT", + "url": "http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html" + }, + { + "name": "20010919 Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100094268017271&w=2" + }, + { + "name": "3336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3336" + }, + { + "name": "fw1-log-viewer-bo(7145)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7145" + }, + { + "name": "20011130 Fw: Firewall-1 remote SYSTEM shell buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00291.html" + }, + { + "name": "20010921 Check Point FireWall-1 GUI Buffer Overflow", + "refsource": "WIN2KSEC", + "url": "http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0151.html" + }, + { + "name": "20011128 Firewall-1 remote SYSTEM shell buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100698954308436&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1002.json b/2001/1xxx/CVE-2001-1002.json index 8c49400df1f..dcda8304b82 100644 --- a/2001/1xxx/CVE-2001-1002.json +++ b/2001/1xxx/CVE-2001-1002.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010827 LPRng/rhs-printfilters - remote execution of commands", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99892644616749&w=2" - }, - { - "name" : "RHSA-2001:102", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-102.html" - }, - { - "name" : "3241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3241" - }, - { - "name" : "dvips-lpd-command-execution(16509)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3241" + }, + { + "name": "dvips-lpd-command-execution(16509)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16509" + }, + { + "name": "20010827 LPRng/rhs-printfilters - remote execution of commands", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99892644616749&w=2" + }, + { + "name": "RHSA-2001:102", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-102.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1048.json b/2008/1xxx/CVE-2008-1048.json index a282277a080..4b6b507a0e1 100644 --- a/2008/1xxx/CVE-2008-1048.json +++ b/2008/1xxx/CVE-2008-1048.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitrustgroup.com/advisories/web-application-security-plume-cms.html", - "refsource" : "MISC", - "url" : "http://www.digitrustgroup.com/advisories/web-application-security-plume-cms.html" - }, - { - "name" : "27999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27999" - }, - { - "name" : "1019507", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019507" - }, - { - "name" : "29116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29116" - }, - { - "name" : "plume-xmedia-xss(40841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "plume-xmedia-xss(40841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40841" + }, + { + "name": "1019507", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019507" + }, + { + "name": "http://www.digitrustgroup.com/advisories/web-application-security-plume-cms.html", + "refsource": "MISC", + "url": "http://www.digitrustgroup.com/advisories/web-application-security-plume-cms.html" + }, + { + "name": "29116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29116" + }, + { + "name": "27999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27999" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1063.json b/2008/1xxx/CVE-2008-1063.json index d0efdc1b9ec..fbb595441f0 100644 --- a/2008/1xxx/CVE-2008-1063.json +++ b/2008/1xxx/CVE-2008-1063.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xssing.com/index.php?x=3&y=12", - "refsource" : "MISC", - "url" : "http://www.xssing.com/index.php?x=3&y=12" - }, - { - "name" : "xmmemberstats-sortby-xss(41001)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xmmemberstats-sortby-xss(41001)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41001" + }, + { + "name": "http://www.xssing.com/index.php?x=3&y=12", + "refsource": "MISC", + "url": "http://www.xssing.com/index.php?x=3&y=12" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1102.json b/2008/1xxx/CVE-2008-1102.json index 162c0ed7abe..21fb70842fc 100644 --- a/2008/1xxx/CVE-2008-1102.json +++ b/2008/1xxx/CVE-2008-1102.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-1102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2008-16/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-16/advisory/" - }, - { - "name" : "DSA-1567", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1567" - }, - { - "name" : "FEDORA-2008-3862", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00225.html" - }, - { - "name" : "FEDORA-2008-3875", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00237.html" - }, - { - "name" : "GLSA-200805-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-12.xml" - }, - { - "name" : "MDVSA-2008:204", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:204" - }, - { - "name" : "SUSE-SR:2008:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" - }, - { - "name" : "28870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28870" - }, - { - "name" : "ADV-2008-1308", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1308/references" - }, - { - "name" : "29818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29818" - }, - { - "name" : "29957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29957" - }, - { - "name" : "30151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30151" - }, - { - "name" : "30097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30097" - }, - { - "name" : "30272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30272" - }, - { - "name" : "blender-imbloadhdr-bo(41917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2008:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html" + }, + { + "name": "blender-imbloadhdr-bo(41917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41917" + }, + { + "name": "http://secunia.com/secunia_research/2008-16/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-16/advisory/" + }, + { + "name": "29818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29818" + }, + { + "name": "FEDORA-2008-3875", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00237.html" + }, + { + "name": "MDVSA-2008:204", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:204" + }, + { + "name": "FEDORA-2008-3862", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00225.html" + }, + { + "name": "30097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30097" + }, + { + "name": "30151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30151" + }, + { + "name": "DSA-1567", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1567" + }, + { + "name": "GLSA-200805-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-12.xml" + }, + { + "name": "28870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28870" + }, + { + "name": "30272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30272" + }, + { + "name": "29957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29957" + }, + { + "name": "ADV-2008-1308", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1308/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1202.json b/2008/1xxx/CVE-2008-1202.json index 9a15686eb86..3d613797a2a 100644 --- a/2008/1xxx/CVE-2008-1202.json +++ b/2008/1xxx/CVE-2008-1202.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080311 Advisory Adobe LiveCycle Workflow XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489413/100/0/threaded" - }, - { - "name" : "http://www.liquidmatrix.org/blog/2008/03/11/advisory-adobe-livecycle-workflow-xss-vulnerability/", - "refsource" : "MISC", - "url" : "http://www.liquidmatrix.org/blog/2008/03/11/advisory-adobe-livecycle-workflow-xss-vulnerability/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-10.html" - }, - { - "name" : "28209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28209" - }, - { - "name" : "ADV-2008-0864", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0864/references" - }, - { - "name" : "1019588", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019588" - }, - { - "name" : "29331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29331" - }, - { - "name" : "3729", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3729" - }, - { - "name" : "adobe-lifecycle-loginpage-xss(41143)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0864", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0864/references" + }, + { + "name": "http://www.liquidmatrix.org/blog/2008/03/11/advisory-adobe-livecycle-workflow-xss-vulnerability/", + "refsource": "MISC", + "url": "http://www.liquidmatrix.org/blog/2008/03/11/advisory-adobe-livecycle-workflow-xss-vulnerability/" + }, + { + "name": "adobe-lifecycle-loginpage-xss(41143)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41143" + }, + { + "name": "3729", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3729" + }, + { + "name": "1019588", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019588" + }, + { + "name": "28209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28209" + }, + { + "name": "29331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29331" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-10.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-10.html" + }, + { + "name": "20080311 Advisory Adobe LiveCycle Workflow XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489413/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1703.json b/2008/1xxx/CVE-2008-1703.json index 42738518b73..425f4102c39 100644 --- a/2008/1xxx/CVE-2008-1703.json +++ b/2008/1xxx/CVE-2008-1703.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt" - }, - { - "name" : "28717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28717" - }, - { - "name" : "ADV-2008-1189", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1189/references" - }, - { - "name" : "ADV-2008-1190", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1190/references" - }, - { - "name" : "44269", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/44269" - }, - { - "name" : "1019826", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019826" - }, - { - "name" : "29774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29774" - }, - { - "name" : "tibco-rendezvous-multiple-code-execution(41760)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt" + }, + { + "name": "1019826", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019826" + }, + { + "name": "tibco-rendezvous-multiple-code-execution(41760)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41760" + }, + { + "name": "44269", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/44269" + }, + { + "name": "28717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28717" + }, + { + "name": "ADV-2008-1190", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1190/references" + }, + { + "name": "29774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29774" + }, + { + "name": "ADV-2008-1189", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1189/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5148.json b/2008/5xxx/CVE-2008-5148.json index 84fedaf43c8..291d1fd0be1 100644 --- a/2008/5xxx/CVE-2008-5148.json +++ b/2008/5xxx/CVE-2008-5148.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-devel] 20080813 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-devel/2008/08/msg00347.html" - }, - { - "name" : "http://uvw.ru/report.sid.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.sid.txt" - }, - { - "name" : "FEDORA-2008-9694", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00431.html" - }, - { - "name" : "FEDORA-2008-9730", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00475.html" - }, - { - "name" : "32806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32806" - }, - { - "name" : "32875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32875" + }, + { + "name": "FEDORA-2008-9730", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00475.html" + }, + { + "name": "FEDORA-2008-9694", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00431.html" + }, + { + "name": "32806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32806" + }, + { + "name": "[debian-devel] 20080813 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html" + }, + { + "name": "http://uvw.ru/report.sid.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.sid.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5361.json b/2008/5xxx/CVE-2008-5361.json index 6dac0dd3d55..cfd40e3ece3 100644 --- a/2008/5xxx/CVE-2008-5361.json +++ b/2008/5xxx/CVE-2008-5361.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081122 Adobe Flash Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498561/100/0/threaded" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-22.html", - "refsource" : "MISC", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-22.html" - }, - { - "name" : "http://www.isecpartners.com/advisories/2008-01-flash.txt", - "refsource" : "MISC", - "url" : "http://www.isecpartners.com/advisories/2008-01-flash.txt" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" - }, - { - "name" : "GLSA-200903-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml" - }, - { - "name" : "248586", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" - }, - { - "name" : "33390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33390" - }, - { - "name" : "34226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34226" - }, - { - "name" : "4692", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081122 Adobe Flash Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498561/100/0/threaded" + }, + { + "name": "33390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33390" + }, + { + "name": "http://www.isecpartners.com/advisories/2008-01-flash.txt", + "refsource": "MISC", + "url": "http://www.isecpartners.com/advisories/2008-01-flash.txt" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-22.html", + "refsource": "MISC", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-22.html" + }, + { + "name": "34226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34226" + }, + { + "name": "4692", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4692" + }, + { + "name": "GLSA-200903-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" + }, + { + "name": "248586", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5695.json b/2008/5xxx/CVE-2008-5695.json index 2295356a496..66235e98d50 100644 --- a/2008/5xxx/CVE-2008-5695.json +++ b/2008/5xxx/CVE-2008-5695.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5066", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5066" - }, - { - "name" : "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html", - "refsource" : "MISC", - "url" : "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html" - }, - { - "name" : "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt", - "refsource" : "MISC", - "url" : "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt" - }, - { - "name" : "http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1", - "refsource" : "CONFIRM", - "url" : "http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1" - }, - { - "name" : "27633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27633" - }, - { - "name" : "28789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28789" - }, - { - "name" : "4798", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4798", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4798" + }, + { + "name": "27633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27633" + }, + { + "name": "5066", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5066" + }, + { + "name": "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt", + "refsource": "MISC", + "url": "http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt" + }, + { + "name": "28789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28789" + }, + { + "name": "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html", + "refsource": "MISC", + "url": "http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html" + }, + { + "name": "http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1", + "refsource": "CONFIRM", + "url": "http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2184.json b/2011/2xxx/CVE-2011-2184.json index 98140aa8357..982371b2586 100644 --- a/2011/2xxx/CVE-2011-2184.json +++ b/2011/2xxx/CVE-2011-2184.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20110523 Oops (bad memory deref) in slab_alloc() due to filp_cachep holding incorrect values", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2011/5/23/199" - }, - { - "name" : "[linux-kernel] 20110524 Re: Fwd: Oops (bad memory deref) in slab_alloc() due to filp_cachep holding incorrect values", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2011/5/24/502" - }, - { - "name" : "[linux-kernel] 20110525 Re: [Security] Fwd: Oops (bad memory deref) in slab_alloc() due to filp_cachep holding incorrect values", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2011/5/25/265" - }, - { - "name" : "[oss-security] 20110603 CVE request: kernel: set cred->user_ns in key_replace_session_keyring", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/03/2" - }, - { - "name" : "[oss-security] 20110606 Re: CVE request: kernel: set cred->user_ns in key_replace_session_keyring", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/06/2" - }, - { - "name" : "http://alt.swiecki.net/linux_kernel/sys_open-kmem_cache_alloc-2.6.39-rc4.txt", - "refsource" : "MISC", - "url" : "http://alt.swiecki.net/linux_kernel/sys_open-kmem_cache_alloc-2.6.39-rc4.txt" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f7285b5d631fd6096b11c6af0058ed3a2b30ef4e", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f7285b5d631fd6096b11c6af0058ed3a2b30ef4e" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.1" - }, - { - "name" : "8371", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://alt.swiecki.net/linux_kernel/sys_open-kmem_cache_alloc-2.6.39-rc4.txt", + "refsource": "MISC", + "url": "http://alt.swiecki.net/linux_kernel/sys_open-kmem_cache_alloc-2.6.39-rc4.txt" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f7285b5d631fd6096b11c6af0058ed3a2b30ef4e", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f7285b5d631fd6096b11c6af0058ed3a2b30ef4e" + }, + { + "name": "[oss-security] 20110603 CVE request: kernel: set cred->user_ns in key_replace_session_keyring", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/03/2" + }, + { + "name": "[linux-kernel] 20110524 Re: Fwd: Oops (bad memory deref) in slab_alloc() due to filp_cachep holding incorrect values", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2011/5/24/502" + }, + { + "name": "[linux-kernel] 20110523 Oops (bad memory deref) in slab_alloc() due to filp_cachep holding incorrect values", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2011/5/23/199" + }, + { + "name": "[linux-kernel] 20110525 Re: [Security] Fwd: Oops (bad memory deref) in slab_alloc() due to filp_cachep holding incorrect values", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2011/5/25/265" + }, + { + "name": "8371", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8371" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.1" + }, + { + "name": "[oss-security] 20110606 Re: CVE request: kernel: set cred->user_ns in key_replace_session_keyring", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/06/2" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2895.json b/2011/2xxx/CVE-2011-2895.json index e1b6c178776..976707b1927 100644 --- a/2011/2xxx/CVE-2011-2895.json +++ b/2011/2xxx/CVE-2011-2895.json @@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110810 LZW decompression issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/10/10" - }, - { - "name" : "[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html" - }, - { - "name" : "[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html" - }, - { - "name" : "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0" - }, - { - "name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=725760", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=725760" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=727624", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=727624" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "https://support.apple.com/HT205635", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205635" - }, - { - "name" : "https://support.apple.com/HT205637", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205637" - }, - { - "name" : "https://support.apple.com/HT205640", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205640" - }, - { - "name" : "https://support.apple.com/HT205641", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205641" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-12-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-12-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-12-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html" - }, - { - "name" : "APPLE-SA-2015-12-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html" - }, - { - "name" : "DSA-2293", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2293" - }, - { - "name" : "MDVSA-2011:153", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:153" - }, - { - "name" : "NetBSD-SA2011-007", - "refsource" : "NETBSD", - "url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc" - }, - { - "name" : "RHSA-2011:1154", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1154.html" - }, - { - "name" : "RHSA-2011:1155", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1155.html" - }, - { - "name" : "RHSA-2011:1161", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1161.html" - }, - { - "name" : "RHSA-2011:1834", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1834.html" - }, - { - "name" : "SUSE-SU-2011:1035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html" - }, - { - "name" : "openSUSE-SU-2011:1299", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html" - }, - { - "name" : "USN-1191-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1191-1" - }, - { - "name" : "49124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49124" - }, - { - "name" : "1025920", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025920" - }, - { - "name" : "45544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45544" - }, - { - "name" : "45568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45568" - }, - { - "name" : "45599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45599" - }, - { - "name" : "45986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45986" - }, - { - "name" : "46127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46127" - }, - { - "name" : "48951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48951" - }, - { - "name" : "xorg-lzw-bo(69141)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205635", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205635" + }, + { + "name": "RHSA-2011:1154", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1154.html" + }, + { + "name": "USN-1191-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1191-1" + }, + { + "name": "[oss-security] 20110810 LZW decompression issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=725760", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725760" + }, + { + "name": "45544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45544" + }, + { + "name": "https://support.apple.com/HT205637", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205637" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "APPLE-SA-2015-12-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html" + }, + { + "name": "MDVSA-2011:153", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:153" + }, + { + "name": "49124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49124" + }, + { + "name": "45599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45599" + }, + { + "name": "RHSA-2011:1155", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1155.html" + }, + { + "name": "1025920", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025920" + }, + { + "name": "openSUSE-SU-2011:1299", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html" + }, + { + "name": "APPLE-SA-2015-12-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html" + }, + { + "name": "SUSE-SU-2011:1035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html" + }, + { + "name": "46127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46127" + }, + { + "name": "45986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45986" + }, + { + "name": "RHSA-2011:1161", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1161.html" + }, + { + "name": "RHSA-2011:1834", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1834.html" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17" + }, + { + "name": "xorg-lzw-bo(69141)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69141" + }, + { + "name": "APPLE-SA-2015-12-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html" + }, + { + "name": "45568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45568" + }, + { + "name": "[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html" + }, + { + "name": "https://support.apple.com/HT205641", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205641" + }, + { + "name": "NetBSD-SA2011-007", + "refsource": "NETBSD", + "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc" + }, + { + "name": "https://support.apple.com/HT205640", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205640" + }, + { + "name": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0" + }, + { + "name": "48951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48951" + }, + { + "name": "APPLE-SA-2015-12-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + }, + { + "name": "DSA-2293", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2293" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=727624", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727624" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2910.json b/2011/2xxx/CVE-2011-2910.json index a0af8827939..b8646544cae 100644 --- a/2011/2xxx/CVE-2011-2910.json +++ b/2011/2xxx/CVE-2011-2910.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2910", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2910", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2932.json b/2011/2xxx/CVE-2011-2932.json index 4f832e70921..797025dd4e4 100644 --- a/2011/2xxx/CVE-2011-2932.json +++ b/2011/2xxx/CVE-2011-2932.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a \"UTF-8 escaping vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110817 CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/17/1" - }, - { - "name" : "[oss-security] 20110819 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/19/11" - }, - { - "name" : "[oss-security] 20110820 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/20/1" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/14" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/13" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/5" - }, - { - "name" : "[rubyonrails-security] 20110816 XSS Vulnerability in the escaping function in Ruby on Rails", - "refsource" : "MLIST", - "url" : "http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain" - }, - { - "name" : "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=731435", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=731435" - }, - { - "name" : "https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd", - "refsource" : "CONFIRM", - "url" : "https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd" - }, - { - "name" : "FEDORA-2011-11386", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" - }, - { - "name" : "FEDORA-2011-11579", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html" - }, - { - "name" : "FEDORA-2011-11600", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html" - }, - { - "name" : "45917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a \"UTF-8 escaping vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=731435", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731435" + }, + { + "name": "45917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45917" + }, + { + "name": "[oss-security] 20110817 CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" + }, + { + "name": "FEDORA-2011-11579", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" + }, + { + "name": "FEDORA-2011-11600", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html" + }, + { + "name": "FEDORA-2011-11386", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" + }, + { + "name": "[oss-security] 20110819 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" + }, + { + "name": "[oss-security] 20110820 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" + }, + { + "name": "https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd", + "refsource": "CONFIRM", + "url": "https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" + }, + { + "name": "[rubyonrails-security] 20110816 XSS Vulnerability in the escaping function in Ruby on Rails", + "refsource": "MLIST", + "url": "http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain" + }, + { + "name": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0810.json b/2013/0xxx/CVE-2013-0810.json index 2d1cebd7822..34a01efd63a 100644 --- a/2013/0xxx/CVE-2013-0810.json +++ b/2013/0xxx/CVE-2013-0810.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka \"Windows Theme File Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-071", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-071" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18579", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka \"Windows Theme File Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:18579", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18579" + }, + { + "name": "MS13-071", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-071" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0949.json b/2013/0xxx/CVE-2013-0949.json index 0f12f30315b..e7d8114a27a 100644 --- a/2013/0xxx/CVE-2013-0949.json +++ b/2013/0xxx/CVE-2013-0949.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-0949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5642", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5642" - }, - { - "name" : "APPLE-SA-2013-01-28-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2013-03-14-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5642", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5642" + }, + { + "name": "APPLE-SA-2013-03-14-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html" + }, + { + "name": "APPLE-SA-2013-01-28-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1162.json b/2013/1xxx/CVE-2013-1162.json index 8625b04cec4..20456bcc699 100644 --- a/2013/1xxx/CVE-2013-1162.json +++ b/2013/1xxx/CVE-2013-1162.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130315 Cisco IOS XR Traffic Engineering Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130315 Cisco IOS XR Traffic Engineering Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1162" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3164.json b/2013/3xxx/CVE-2013-3164.json index ff7c4348c75..4cf92452eeb 100644 --- a/2013/3xxx/CVE-2013-3164.json +++ b/2013/3xxx/CVE-2013-3164.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-055", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" - }, - { - "name" : "TA13-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A" - }, - { - "name" : "oval:org.mitre.oval:def:17376", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17376", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17376" + }, + { + "name": "MS13-055", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" + }, + { + "name": "TA13-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-190A" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3305.json b/2013/3xxx/CVE-2013-3305.json index 56cf091f566..5544574d2a3 100644 --- a/2013/3xxx/CVE-2013-3305.json +++ b/2013/3xxx/CVE-2013-3305.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3305", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3305", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3544.json b/2013/3xxx/CVE-2013-3544.json index 4cfb5ba4e85..33c01bf26ce 100644 --- a/2013/3xxx/CVE-2013-3544.json +++ b/2013/3xxx/CVE-2013-3544.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3544", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3544. Reason: This candidate is a duplicate of CVE-2012-3544. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-3544 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-3544", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3544. Reason: This candidate is a duplicate of CVE-2012-3544. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-3544 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3863.json b/2013/3xxx/CVE-2013-3863.json index c7cc9bec330..c39b9632573 100644 --- a/2013/3xxx/CVE-2013-3863.json +++ b/2013/3xxx/CVE-2013-3863.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via a crafted OLE object in a file, aka \"OLE Property Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-070", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-070" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18759", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via a crafted OLE object in a file, aka \"OLE Property Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:18759", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18759" + }, + { + "name": "MS13-070", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-070" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4133.json b/2013/4xxx/CVE-2013-4133.json index df4dd3a32b8..3bd027f77e1 100644 --- a/2013/4xxx/CVE-2013-4133.json +++ b/2013/4xxx/CVE-2013-4133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4179.json b/2013/4xxx/CVE-2013-4179.json index c4a8eafc8c7..cfa3fd80a37 100644 --- a/2013/4xxx/CVE-2013-4179.json +++ b/2013/4xxx/CVE-2013-4179.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ossa/+bug/1190229", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ossa/+bug/1190229" - }, - { - "name" : "RHSA-2013:1199", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1199.html" - }, - { - "name" : "USN-2005-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2005-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1199", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" + }, + { + "name": "https://bugs.launchpad.net/ossa/+bug/1190229", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ossa/+bug/1190229" + }, + { + "name": "USN-2005-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2005-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4807.json b/2013/4xxx/CVE-2013-4807.json index f6f70be826d..2b449822365 100644 --- a/2013/4xxx/CVE-2013-4807.json +++ b/2013/4xxx/CVE-2013-4807.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 20130703 allows remote attackers to modify data via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI02887", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03825817" - }, - { - "name" : "SSRT101181", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03825817" - }, - { - "name" : "61565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61565" - }, - { - "name" : "95907", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95907" - }, - { - "name" : "1028869", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028869" - }, - { - "name" : "hp-laserjet-cve20134807-unauth-access(86178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 20130703 allows remote attackers to modify data via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95907", + "refsource": "OSVDB", + "url": "http://osvdb.org/95907" + }, + { + "name": "SSRT101181", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03825817" + }, + { + "name": "HPSBPI02887", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03825817" + }, + { + "name": "1028869", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028869" + }, + { + "name": "61565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61565" + }, + { + "name": "hp-laserjet-cve20134807-unauth-access(86178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86178" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4853.json b/2013/4xxx/CVE-2013-4853.json index 935bea3d23e..aa2cc4b1892 100644 --- a/2013/4xxx/CVE-2013-4853.json +++ b/2013/4xxx/CVE-2013-4853.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4853", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4853", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12044.json b/2017/12xxx/CVE-2017-12044.json index cbb8b353f3f..a939ff1ea1d 100644 --- a/2017/12xxx/CVE-2017-12044.json +++ b/2017/12xxx/CVE-2017-12044.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12044", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12044", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12363.json b/2017/12xxx/CVE-2017-12363.json index 2c785167c6b..3387c26a9b0 100644 --- a/2017/12xxx/CVE-2017-12363.json +++ b/2017/12xxx/CVE-2017-12363.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx Meeting Server", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco WebEx Meeting Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could allow the attacker to modify the welcome message of any known meeting. Cisco Bug IDs: CSCvf68695." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx Meeting Server", + "version": { + "version_data": [ + { + "version_value": "Cisco WebEx Meeting Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex3", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex3" - }, - { - "name" : "102000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102000" - }, - { - "name" : "1039921", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could allow the attacker to modify the welcome message of any known meeting. Cisco Bug IDs: CSCvf68695." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102000" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex3", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex3" + }, + { + "name": "1039921", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039921" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12492.json b/2017/12xxx/CVE-2017-12492.json index dd3dc65dc40..90db4b80e94 100644 --- a/2017/12xxx/CVE-2017-12492.json +++ b/2017/12xxx/CVE-2017-12492.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12995.json b/2017/12xxx/CVE-2017-12995.json index 03d381ba02c..4d5390b859a 100644 --- a/2017/12xxx/CVE-2017-12995.json +++ b/2017/12xxx/CVE-2017-12995.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/3a76fd7c95fced2c2f8c8148a9055c3a542eff29", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/3a76fd7c95fced2c2f8c8148a9055c3a542eff29" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/3a76fd7c95fced2c2f8c8148a9055c3a542eff29", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/3a76fd7c95fced2c2f8c8148a9055c3a542eff29" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13272.json b/2017/13xxx/CVE-2017-13272.json index 5654b86943f..4f1235b1ee0 100644 --- a/2017/13xxx/CVE-2017-13272.json +++ b/2017/13xxx/CVE-2017-13272.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-13272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-13272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-03-01" - }, - { - "name" : "103253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-03-01" + }, + { + "name": "103253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103253" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13294.json b/2017/13xxx/CVE-2017-13294.json index 5a6bad2644d..31cabc12397 100644 --- a/2017/13xxx/CVE-2017-13294.json +++ b/2017/13xxx/CVE-2017-13294.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-13294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-13294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13790.json b/2017/13xxx/CVE-2017-13790.json index d55c844c217..c6631a92d94 100644 --- a/2017/13xxx/CVE-2017-13790.json +++ b/2017/13xxx/CVE-2017-13790.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208223", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208223" - }, - { - "name" : "1039706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039706" + }, + { + "name": "https://support.apple.com/HT208223", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208223" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16327.json b/2017/16xxx/CVE-2017-16327.json index 3e04c031fce..248b1dcdf2d 100644 --- a/2017/16xxx/CVE-2017-16327.json +++ b/2017/16xxx/CVE-2017-16327.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16327", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16327", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16707.json b/2017/16xxx/CVE-2017-16707.json index f744936ec95..733c832baa1 100644 --- a/2017/16xxx/CVE-2017-16707.json +++ b/2017/16xxx/CVE-2017-16707.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16707", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16707", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16795.json b/2017/16xxx/CVE-2017-16795.json index 78f262cf182..babf052a0a9 100644 --- a/2017/16xxx/CVE-2017-16795.json +++ b/2017/16xxx/CVE-2017-16795.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16795", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16795", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16882.json b/2017/16xxx/CVE-2017-16882.json index 694191e9021..29803468841 100644 --- a/2017/16xxx/CVE-2017-16882.json +++ b/2017/16xxx/CVE-2017-16882.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Icinga/icinga-core/issues/1601", - "refsource" : "MISC", - "url" : "https://github.com/Icinga/icinga-core/issues/1601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Icinga/icinga-core/issues/1601", + "refsource": "MISC", + "url": "https://github.com/Icinga/icinga-core/issues/1601" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17206.json b/2017/17xxx/CVE-2017-17206.json index a337c20844c..764ae347c0e 100644 --- a/2017/17xxx/CVE-2017-17206.json +++ b/2017/17xxx/CVE-2017-17206.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17206", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17206", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17289.json b/2017/17xxx/CVE-2017-17289.json index 91ececd4ebb..f5b1b1f1966 100644 --- a/2017/17xxx/CVE-2017-17289.json +++ b/2017/17xxx/CVE-2017-17289.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DP300,RP200,TE30,TE40,TE50,TE60", - "version" : { - "version_data" : [ - { - "version_value" : "DP300 V500R002C00,RP200 V500R002C00, V600R006C00,TE30 V100R001C10, V500R002C00, V600R006C00,TE40 V500R002C00, V600R006C00,TE50 V500R002C00, V600R006C00,TE60 V100R001C10, V500R002C00, V600R006C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "memory leak" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DP300,RP200,TE30,TE40,TE50,TE60", + "version": { + "version_data": [ + { + "version_value": "DP300 V500R002C00,RP200 V500R002C00, V600R006C00,TE30 V100R001C10, V500R002C00, V600R006C00,TE40 V500R002C00, V600R006C00,TE50 V500R002C00, V600R006C00,TE60 V100R001C10, V500R002C00, V600R006C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-xml-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-xml-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "memory leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-xml-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-xml-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4409.json b/2017/4xxx/CVE-2017-4409.json index fd7c9d26031..9ad745741e9 100644 --- a/2017/4xxx/CVE-2017-4409.json +++ b/2017/4xxx/CVE-2017-4409.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4409", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4409", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18539.json b/2018/18xxx/CVE-2018-18539.json index f5f7a3de7ff..07c098f0811 100644 --- a/2018/18xxx/CVE-2018-18539.json +++ b/2018/18xxx/CVE-2018-18539.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18539", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18539", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18858.json b/2018/18xxx/CVE-2018-18858.json index 052f73ab1e5..6aab0b00567 100644 --- a/2018/18xxx/CVE-2018-18858.json +++ b/2018/18xxx/CVE-2018-18858.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the \"tun_path\" or \"tap_path\" pathname within a shell command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45782", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45782/" - }, - { - "name" : "20181102 Multiple Privilege Escalation Vulnerabilities in LiquidVPN for MacOS (CVE-2018-18856, CVE-2018-18857, CVE-2018-18858, CVE-2018-18859)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Nov/1" - }, - { - "name" : "http://packetstormsecurity.com/files/150137/LiquidVPN-For-macOS-1.3.7-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150137/LiquidVPN-For-macOS-1.3.7-Privilege-Escalation.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the \"tun_path\" or \"tap_path\" pathname within a shell command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150137/LiquidVPN-For-macOS-1.3.7-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150137/LiquidVPN-For-macOS-1.3.7-Privilege-Escalation.html" + }, + { + "name": "45782", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45782/" + }, + { + "name": "20181102 Multiple Privilege Escalation Vulnerabilities in LiquidVPN for MacOS (CVE-2018-18856, CVE-2018-18857, CVE-2018-18858, CVE-2018-18859)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Nov/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1347.json b/2018/1xxx/CVE-2018-1347.json index 9399e0c8ac4..fbe67d84b6b 100644 --- a/2018/1xxx/CVE-2018-1347.json +++ b/2018/1xxx/CVE-2018-1347.json @@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2018-1347", - "STATE" : "PUBLIC", - "TITLE" : "NetIQ iManager, versions prior to 3.1, reflected XSS issue " - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iManager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "iManager prior to (3.1)", - "version_value" : "3.1" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "ADJACENT_NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected XSS" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2018-1347", + "STATE": "PUBLIC", + "TITLE": "NetIQ iManager, versions prior to 3.1, reflected XSS issue " + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iManager", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "iManager prior to (3.1)", + "version_value": "3.1" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html", - "refsource" : "CONFIRM", - "url" : "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html" - }, - { - "name" : "103492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103492" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Upgrade to iManager 3.1" - } - ], - "source" : { - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html" + }, + { + "name": "103492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103492" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to iManager 3.1" + } + ], + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1522.json b/2018/1xxx/CVE-2018-1522.json index 2d6d3a1cdd5..11bd950ed22 100644 --- a/2018/1xxx/CVE-2018-1522.json +++ b/2018/1xxx/CVE-2018-1522.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-1522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "5.01" - }, - { - "version_value" : "5.02" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141803." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-1522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "5.01" + }, + { + "version_value": "5.02" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733078" - }, - { - "name" : "ibm-rqm-cve20181522-xss(141803)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141803." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rqm-cve20181522-xss(141803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141803" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733078", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733078" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1860.json b/2018/1xxx/CVE-2018-1860.json index 32ef19d2bda..58b4e426125 100644 --- a/2018/1xxx/CVE-2018-1860.json +++ b/2018/1xxx/CVE-2018-1860.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1860", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1860", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5239.json b/2018/5xxx/CVE-2018-5239.json index 4c4185deca2..cbda9c3fd06 100644 --- a/2018/5xxx/CVE-2018-5239.json +++ b/2018/5xxx/CVE-2018-5239.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2018-07-16T00:00:00", - "ID" : "CVE-2018-5239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Norton App Lock", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to v1.3.0.332" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "App Lock Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2018-07-16T00:00:00", + "ID": "CVE-2018-5239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Norton App Lock", + "version": { + "version_data": [ + { + "version_value": "Prior to v1.3.0.332" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.symantec.com/en_US/article.SYMSA1455.html", - "refsource" : "CONFIRM", - "url" : "https://support.symantec.com/en_US/article.SYMSA1455.html" - }, - { - "name" : "104693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "App Lock Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104693" + }, + { + "name": "https://support.symantec.com/en_US/article.SYMSA1455.html", + "refsource": "CONFIRM", + "url": "https://support.symantec.com/en_US/article.SYMSA1455.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5423.json b/2018/5xxx/CVE-2018-5423.json index 28d9a373f3d..70908e084ee 100644 --- a/2018/5xxx/CVE-2018-5423.json +++ b/2018/5xxx/CVE-2018-5423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5423", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-5423", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5760.json b/2018/5xxx/CVE-2018-5760.json index 3c52047e625..fe1879f2a58 100644 --- a/2018/5xxx/CVE-2018-5760.json +++ b/2018/5xxx/CVE-2018-5760.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5760", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5760", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file