From 567fec62755d9a7f75840053160604367199a448 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:50:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0126.json | 140 +++--- 2001/0xxx/CVE-2001-0322.json | 140 +++--- 2001/0xxx/CVE-2001-0386.json | 150 +++---- 2001/0xxx/CVE-2001-0655.json | 34 +- 2001/0xxx/CVE-2001-0866.json | 160 +++---- 2001/1xxx/CVE-2001-1369.json | 140 +++--- 2006/2xxx/CVE-2006-2100.json | 190 ++++---- 2006/2xxx/CVE-2006-2290.json | 160 +++---- 2008/1xxx/CVE-2008-1808.json | 700 ++++++++++++++--------------- 2008/5xxx/CVE-2008-5110.json | 190 ++++---- 2008/5xxx/CVE-2008-5196.json | 150 +++---- 2008/5xxx/CVE-2008-5209.json | 150 +++---- 2008/5xxx/CVE-2008-5681.json | 160 +++---- 2008/5xxx/CVE-2008-5998.json | 160 +++---- 2011/2xxx/CVE-2011-2003.json | 150 +++---- 2011/2xxx/CVE-2011-2125.json | 160 +++---- 2011/2xxx/CVE-2011-2130.json | 200 ++++----- 2011/2xxx/CVE-2011-2698.json | 270 +++++------ 2011/3xxx/CVE-2011-3134.json | 150 +++---- 2013/0xxx/CVE-2013-0209.json | 150 +++---- 2013/0xxx/CVE-2013-0255.json | 320 ++++++------- 2013/0xxx/CVE-2013-0558.json | 140 +++--- 2013/1xxx/CVE-2013-1231.json | 120 ++--- 2013/1xxx/CVE-2013-1251.json | 140 +++--- 2013/1xxx/CVE-2013-1291.json | 130 +++--- 2013/1xxx/CVE-2013-1296.json | 140 +++--- 2013/1xxx/CVE-2013-1901.json | 270 +++++------ 2013/4xxx/CVE-2013-4425.json | 150 +++---- 2013/4xxx/CVE-2013-4564.json | 170 +++---- 2013/4xxx/CVE-2013-4683.json | 140 +++--- 2013/5xxx/CVE-2013-5411.json | 140 +++--- 2013/5xxx/CVE-2013-5505.json | 180 ++++---- 2017/1000xxx/CVE-2017-1000226.json | 124 ++--- 2017/1000xxx/CVE-2017-1000405.json | 174 +++---- 2017/12xxx/CVE-2017-12036.json | 34 +- 2017/12xxx/CVE-2017-12341.json | 130 +++--- 2017/12xxx/CVE-2017-12675.json | 120 ++--- 2017/12xxx/CVE-2017-12732.json | 130 +++--- 2017/13xxx/CVE-2017-13081.json | 376 ++++++++-------- 2017/13xxx/CVE-2017-13548.json | 34 +- 2017/13xxx/CVE-2017-13686.json | 130 +++--- 2017/13xxx/CVE-2017-13985.json | 140 +++--- 2017/16xxx/CVE-2017-16814.json | 120 ++--- 
2017/4xxx/CVE-2017-4054.json | 150 +++---- 2017/4xxx/CVE-2017-4512.json | 34 +- 2017/4xxx/CVE-2017-4603.json | 34 +- 2017/4xxx/CVE-2017-4922.json | 140 +++--- 2018/18xxx/CVE-2018-18460.json | 130 +++--- 2018/18xxx/CVE-2018-18588.json | 34 +- 2018/18xxx/CVE-2018-18590.json | 196 ++++---- 2018/18xxx/CVE-2018-18955.json | 240 +++++----- 2018/1xxx/CVE-2018-1334.json | 144 +++--- 2018/5xxx/CVE-2018-5194.json | 34 +- 2018/5xxx/CVE-2018-5429.json | 524 ++++++++++----------- 2018/5xxx/CVE-2018-5758.json | 120 ++--- 2018/5xxx/CVE-2018-5981.json | 120 ++--- 56 files changed, 4578 insertions(+), 4578 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0126.json b/2001/0xxx/CVE-2001-0126.json
index 1351d72120a..afd79c9356b 100644
--- a/2001/0xxx/CVE-2001-0126.json
+++ b/2001/0xxx/CVE-2001-0126.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0126",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0126",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=97906670012796&w=2"
- },
- {
- "name" : "20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=98027700625521&w=2"
- },
- {
- "name" : "oracle-xsql-execute-code(5905)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5905"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oracle-xsql-execute-code(5905)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5905"
+ },
+ {
+ "name": "20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=98027700625521&w=2"
+ },
+ {
+ "name": "20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=97906670012796&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/0xxx/CVE-2001-0322.json b/2001/0xxx/CVE-2001-0322.json
index a11c488532e..ffe2b815d31 100644
--- a/2001/0xxx/CVE-2001-0322.json
+++ b/2001/0xxx/CVE-2001-0322.json
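Review bot: The new side of this file ends without a final newline: `\ No newline at end of file` follows the closing `+}`, while the old side's `-}` was newline-terminated; ending the file with a newline after `}` keeps line-based tools and later diffs quiet. The same marker closes the hunks for CVE-2001-0322, CVE-2001-0386, CVE-2001-0655, CVE-2001-0866, CVE-2001-1369, CVE-2006-2100 and CVE-2006-2290 in this patch. Because every line is rewritten for `"key" :` → `"key":` spacing and the `reference_data` entries are reordered, a changed value would not stand out in this view; the three references here appear identical apart from order, and comparing the parsed JSON of both sides is the dependable way to confirm that.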
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0322",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0322",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20010115 Stack Overflow in MSHTML.DLL",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=97958685100219&w=2"
- },
- {
- "name" : "2202",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/2202"
- },
- {
- "name" : "ie-mshtml-dos(5938)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5938"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "2202",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/2202"
+ },
+ {
+ "name": "20010115 Stack Overflow in MSHTML.DLL",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=97958685100219&w=2"
+ },
+ {
+ "name": "ie-mshtml-dos(5938)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5938"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/0xxx/CVE-2001-0386.json b/2001/0xxx/CVE-2001-0386.json
index 067122cbdbc..69b93fba3a5 100644
--- a/2001/0xxx/CVE-2001-0386.json
+++ b/2001/0xxx/CVE-2001-0386.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0386",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0386",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20010417 Advisory for SimpleServer:WWW (analogX)",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/177156"
- },
- {
- "name" : "2608",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/2608"
- },
- {
- "name" : "analogx-simpleserver-aux-dos(6395)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6395"
- },
- {
- "name" : "3781",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/3781"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "3781",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/3781"
+ },
+ {
+ "name": "analogx-simpleserver-aux-dos(6395)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6395"
+ },
+ {
+ "name": "20010417 Advisory for SimpleServer:WWW (analogX)",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/177156"
+ },
+ {
+ "name": "2608",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/2608"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/0xxx/CVE-2001-0655.json b/2001/0xxx/CVE-2001-0655.json
index 86f708447a8..24afd1b972b 100644
--- a/2001/0xxx/CVE-2001-0655.json
+++ b/2001/0xxx/CVE-2001-0655.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0655",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2001-0655",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/0xxx/CVE-2001-0866.json b/2001/0xxx/CVE-2001-0866.json
index 12401023eb8..e686dd9bef8 100644
--- a/2001/0xxx/CVE-2001-0866.json
+++ b/2001/0xxx/CVE-2001-0866.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0866",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0866",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router",
- "refsource" : "CISCO",
- "url" : "http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml"
- },
- {
- "name" : "M-018",
- "refsource" : "CIAC",
- "url" : "http://www.ciac.org/ciac/bulletins/m-018.shtml"
- },
- {
- "name" : "cisco-input-acl-configured(7554)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/7554.php"
- },
- {
- "name" : "3537",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3537"
- },
- {
- "name" : "1984",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/1984"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "M-018",
+ "refsource": "CIAC",
+ "url": "http://www.ciac.org/ciac/bulletins/m-018.shtml"
+ },
+ {
+ "name": "20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router",
+ "refsource": "CISCO",
+ "url": "http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml"
+ },
+ {
+ "name": "cisco-input-acl-configured(7554)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/7554.php"
+ },
+ {
+ "name": "3537",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3537"
+ },
+ {
+ "name": "1984",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/1984"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/1xxx/CVE-2001-1369.json b/2001/1xxx/CVE-2001-1369.json
index df9799f083f..640fd7d8138 100644
--- a/2001/1xxx/CVE-2001-1369.json
+++ b/2001/1xxx/CVE-2001-1369.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-1369",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-1369",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "FreeBSD-SA-02:14",
- "refsource" : "FREEBSD",
- "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:14.pam-pgsql.asc"
- },
- {
- "name" : "3319",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3319"
- },
- {
- "name" : "postgresql-pam-authentication-module(7110)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/7110.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "3319",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3319"
+ },
+ {
+ "name": "FreeBSD-SA-02:14",
+ "refsource": "FREEBSD",
+ "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:14.pam-pgsql.asc"
+ },
+ {
+ "name": "postgresql-pam-authentication-module(7110)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/7110.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/2xxx/CVE-2006-2100.json b/2006/2xxx/CVE-2006-2100.json
index 0d59fd94559..66dfe54d80c 100644
--- a/2006/2xxx/CVE-2006-2100.json
+++ b/2006/2xxx/CVE-2006-2100.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-2100",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-2100",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060428 WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/432359/100/0/threaded"
- },
- {
- "name" : "http://secway.org/advisory/AD20060428.txt",
- "refsource" : "MISC",
- "url" : "http://secway.org/advisory/AD20060428.txt"
- },
- {
- "name" : "17725",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/17725"
- },
- {
- "name" : "ADV-2006-1568",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/1568"
- },
- {
- "name" : "1016007",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016007"
- },
- {
- "name" : "19864",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/19864"
- },
- {
- "name" : "815",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/815"
- },
- {
- "name" : "iso-dotdot-directory-traversal(26140)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26140"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ADV-2006-1568",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/1568"
+ },
+ {
+ "name": "1016007",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016007"
+ },
+ {
+ "name": "iso-dotdot-directory-traversal(26140)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26140"
+ },
+ {
+ "name": "19864",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/19864"
+ },
+ {
+ "name": "17725",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/17725"
+ },
+ {
+ "name": "815",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/815"
+ },
+ {
+ "name": "http://secway.org/advisory/AD20060428.txt",
+ "refsource": "MISC",
+ "url": "http://secway.org/advisory/AD20060428.txt"
+ },
+ {
+ "name": "20060428 WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/432359/100/0/threaded"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/2xxx/CVE-2006-2290.json b/2006/2xxx/CVE-2006-2290.json
index a33321e1fee..0157a6e844c 100644
--- a/2006/2xxx/CVE-2006-2290.json
+++ b/2006/2xxx/CVE-2006-2290.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-2290",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) email, and (3) url parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-2290",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://d4igoro.blogspot.com/2006/05/c2005-comments-script-xss.html",
- "refsource" : "MISC",
- "url" : "http://d4igoro.blogspot.com/2006/05/c2005-comments-script-xss.html"
- },
- {
- "name" : "17895",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/17895"
- },
- {
- "name" : "ADV-2006-1706",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/1706"
- },
- {
- "name" : "19996",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/19996"
- },
- {
- "name" : "2005commentsscript-kommentar-xss(26318)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26318"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) email, and (3) url parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "2005commentsscript-kommentar-xss(26318)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26318"
+ },
+ {
+ "name": "http://d4igoro.blogspot.com/2006/05/c2005-comments-script-xss.html",
+ "refsource": "MISC",
+ "url": "http://d4igoro.blogspot.com/2006/05/c2005-comments-script-xss.html"
+ },
+ {
+ "name": "19996",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/19996"
+ },
+ {
+ "name": "ADV-2006-1706",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/1706"
+ },
+ {
+ "name": "17895",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/17895"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/1xxx/CVE-2008-1808.json b/2008/1xxx/CVE-2008-1808.json
index bff1eaac92d..34578ba11b7 100644
--- a/2008/1xxx/CVE-2008-1808.json
+++ b/2008/1xxx/CVE-2008-1808.json
@@ -1,352 +1,352 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080610 Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717" - }, - { - "name" : "20080814 rPSA-2008-0255-1 freetype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495497/100/0/threaded" - }, - { - "name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/495869/100/0/threaded" - }, - { - "name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm" - }, - { - "name" : "http://www.vmware.com/support/player/doc/releasenotes_player.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player/doc/releasenotes_player.html" - }, - { - "name" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" - }, - { - "name" : "http://www.vmware.com/support/server/doc/releasenotes_server.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/server/doc/releasenotes_server.html" - }, - { - "name" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" - }, - { - "name" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" - }, - { - "name" : "http://support.apple.com/kb/HT3129", - "refsource" : 
"CONFIRM", - "url" : "http://support.apple.com/kb/HT3129" - }, - { - "name" : "http://support.apple.com/kb/HT3026", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3026" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2608", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2608" - }, - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : "APPLE-SA-2008-09-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2008-09-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "FEDORA-2008-5425", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html" - }, - { - "name" : "FEDORA-2008-5430", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html" - }, - { - "name" : "GLSA-200806-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200806-10.xml" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "MDVSA-2008:121", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:121" - }, - { - "name" : "RHSA-2008:0556", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0556.html" - }, - { - "name" : "RHSA-2008:0558", - "refsource" : 
"REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0558.html" - }, - { - "name" : "RHSA-2009:0329", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0329.html" - }, - { - "name" : "239006", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1" - }, - { - "name" : "SUSE-SR:2008:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" - }, - { - "name" : "USN-643-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-643-1" - }, - { - "name" : "29637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29637" - }, - { - "name" : "29639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29639" - }, - { - "name" : "oval:org.mitre.oval:def:11188", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11188" - }, - { - "name" : "35204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35204" - }, - { - "name" : "ADV-2008-1794", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1794" - }, - { - "name" : "ADV-2008-1876", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1876/references" - }, - { - "name" : "ADV-2008-2423", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2423" - }, - { - "name" : "ADV-2008-2466", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2466" - }, - { - "name" : "ADV-2008-2558", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2558" - }, - { - "name" : "ADV-2008-2525", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2525" - }, - { - "name" : "1020240", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020240" - }, - { - "name" : "30600", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30600" - }, - { - "name" : "30740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30740" - }, - { - "name" : "30766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30766" - }, - { - "name" : "30721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30721" - }, - { - "name" : "30821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30821" - }, - { - "name" : "30819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30819" - }, - { - "name" : "30967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30967" - }, - { - "name" : "31707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31707" - }, - { - "name" : "31709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31709" - }, - { - "name" : "31711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31711" - }, - { - "name" : "31712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31712" - }, - { - "name" : "31856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31856" - }, - { - "name" : "31900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31900" - }, - { - "name" : "31823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31823" - }, - { - "name" : "31577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31577" - }, - { - "name" : "31479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31479" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to 
execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020240", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020240" + }, + { + "name": "20080814 rPSA-2008-0255-1 freetype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495497/100/0/threaded" + }, + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" + }, + { + "name": "FEDORA-2008-5430", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html" + }, + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": "ADV-2008-1876", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1876/references" + }, + { + "name": "30721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30721" + }, + { + "name": "MDVSA-2008:121", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:121" + }, + { + "name": "ADV-2008-2525", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2525" + }, + { + "name": "31712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31712" + }, + { + "name": "31709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31709" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780", + "refsource": 
"MISC", + "url": "http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=605780" + }, + { + "name": "http://www.vmware.com/support/server/doc/releasenotes_server.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" + }, + { + "name": "30740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30740" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "GLSA-200806-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200806-10.xml" + }, + { + "name": "30766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30766" + }, + { + "name": "31479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31479" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "ADV-2008-2423", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2423" + }, + { + "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" + }, + { + "name": "30967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30967" + }, + { + "name": "239006", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239006-1" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2608", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2608" + }, + { + "name": "30821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30821" + }, + { + "name": "http://support.apple.com/kb/HT3026", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3026" + }, + { + "name": "http://support.apple.com/kb/HT3129", + "refsource": "CONFIRM", + 
"url": "http://support.apple.com/kb/HT3129" + }, + { + "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" + }, + { + "name": "FEDORA-2008-5425", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00717.html" + }, + { + "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" + }, + { + "name": "oval:org.mitre.oval:def:11188", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11188" + }, + { + "name": "20080610 Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717" + }, + { + "name": "31856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31856" + }, + { + "name": "29639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29639" + }, + { + "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded" + }, + { + "name": "31711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31711" + }, + { + "name": "RHSA-2008:0556", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0556.html" + }, + { + "name": "SUSE-SR:2008:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255", + "refsource": "CONFIRM", + "url": 
"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0255" + }, + { + "name": "APPLE-SA-2008-09-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html" + }, + { + "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" + }, + { + "name": "ADV-2008-1794", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1794" + }, + { + "name": "31823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31823" + }, + { + "name": "ADV-2008-2558", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2558" + }, + { + "name": "30600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30600" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-318.htm" + }, + { + "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" + }, + { + "name": "31900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31900" + }, + { + "name": "30819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30819" + }, + { + "name": "31707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31707" + }, + { + "name": "APPLE-SA-2008-09-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html" + }, + { + "name": "RHSA-2009:0329", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html" + }, + { + "name": "USN-643-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/usn-643-1" + }, + { + "name": "35204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35204" + }, + { + "name": "RHSA-2008:0558", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0558.html" + }, + { + "name": "31577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31577" + }, + { + "name": "ADV-2008-2466", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2466" + }, + { + "name": "29637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29637" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5110.json b/2008/5xxx/CVE-2008-5110.json index 62c18eaa228..e9c7216995a 100644 --- a/2008/5xxx/CVE-2008-5110.json +++ b/2008/5xxx/CVE-2008-5110.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791" - }, - { - "name" : "[oss-security] 20081117 CVE Request (syslog-ng)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/11/17/3" - }, - { - "name" : "GLSA-200907-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-10.xml" - }, - { - "name" : "HPSBMA02554", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" - }, - { - "name" : "SSRT100018", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" - }, - { - "name" : 
"35748", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35748" - }, - { - "name" : "40551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40551" - }, - { - "name" : "ADV-2010-1796", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100018", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" + }, + { + "name": "HPSBMA02554", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" + }, + { + "name": "GLSA-200907-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-10.xml" + }, + { + "name": "35748", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35748" + }, + { + "name": "40551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40551" + }, + { + "name": "ADV-2010-1796", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1796" + }, + { + "name": "[oss-security] 20081117 CVE Request (syslog-ng)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/11/17/3" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791" + } + ] + } +} \ No newline at end of file 
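Review bot: The `ASSIGNER` value for CVE-2008-5110 changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and the commit subject ("-Synchronized-Data.") gives no reason for it. Every other visible edit to this record is colon spacing and a reordering of `reference_data`, so a reader skimming the diff can easily miss the one field that changed value. Tooling that attributes or filters records by `CVE_data_meta.ASSIGNER` would presumably see this entry move to a different assigner. If the reassignment is intended, the commit message should say so, for example `CVE-2008-5110: ASSIGNER cve@mitre.org -> secalert@redhat.com`, or the change should go in a commit separate from the formatting sync.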
diff --git a/2008/5xxx/CVE-2008-5196.json b/2008/5xxx/CVE-2008-5196.json index 4e448e7742a..d6243262d20 100644 --- a/2008/5xxx/CVE-2008-5196.json +++ b/2008/5xxx/CVE-2008-5196.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5942", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5942" - }, - { - "name" : "29976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29976" - }, - { - "name" : "4639", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4639" - }, - { - "name" : "kroax-kroax-sql-injection(43462)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion 
allows remote attackers to execute arbitrary SQL commands via the category parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5942", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5942" + }, + { + "name": "kroax-kroax-sql-injection(43462)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43462" + }, + { + "name": "29976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29976" + }, + { + "name": "4639", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4639" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5209.json b/2008/5xxx/CVE-2008-5209.json index 5a0e803d430..5e163d439fe 100644 --- a/2008/5xxx/CVE-2008-5209.json +++ b/2008/5xxx/CVE-2008-5209.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5575", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5575" - }, - { - "name" : "29127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29127" - }, - { - "name" : "4625", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4625" - }, - { - "name" : "admidio-getfile-file-include(42304)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read 
arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5575", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5575" + }, + { + "name": "29127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29127" + }, + { + "name": "4625", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4625" + }, + { + "name": "admidio-getfile-file-include(42304)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42304" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5681.json b/2008/5xxx/CVE-2008-5681.json index d7ebac25989..a0bac88cebf 100644 --- a/2008/5xxx/CVE-2008-5681.json +++ b/2008/5xxx/CVE-2008-5681.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 9.63 does not block unspecified \"scripted URLs\" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/linux/963/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/linux/963/" - }, - { - "name" : "http://www.opera.com/support/kb/view/923/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/923/" - }, - { - "name" : "GLSA-200903-30", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-30.xml" - }, - { - "name" : "1021461", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021461" - }, - { - "name" : "34294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 9.63 does not block unspecified \"scripted URLs\" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/linux/963/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/linux/963/" + }, + { + "name": "34294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34294" + }, + { + "name": "http://www.opera.com/support/kb/view/923/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/923/" + }, + { + "name": "GLSA-200903-30", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-30.xml" + }, + { + "name": "1021461", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021461" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5998.json b/2008/5xxx/CVE-2008-5998.json index ce829fdceb3..73c6d3b97e5 100644 --- a/2008/5xxx/CVE-2008-5998.json +++ b/2008/5xxx/CVE-2008-5998.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with \"update ajax checklists\" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080924 Drupal Ajax Checklist Module SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496727/100/0/threaded" - }, - { - "name" : "http://drupal.org/node/312968", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/312968" - }, - { - "name" : "31384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31384" - }, - { - "name" : "32009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32009" - }, - { - "name" : "ajaxchecklist-save-sql-injection(45410)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/45410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with \"update ajax checklists\" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080924 Drupal Ajax Checklist Module SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496727/100/0/threaded" + }, + { + "name": "32009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32009" + }, + { + "name": "http://drupal.org/node/312968", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/312968" + }, + { + "name": "31384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31384" + }, + { + "name": "ajaxchecklist-save-sql-injection(45410)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45410" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2003.json b/2011/2xxx/CVE-2011-2003.json index fc0d87ffd27..03c770627c5 100644 --- a/2011/2xxx/CVE-2011-2003.json +++ b/2011/2xxx/CVE-2011-2003.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka \"Font Library File Buffer Overrun Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-2003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-077", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077" - }, - { - "name" : "oval:org.mitre.oval:def:13103", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13103" - }, - { - "name" : "1026165", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026165" - }, - { - "name" : "8473", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8473" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka \"Font Library File Buffer Overrun Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026165", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026165" + }, + { + "name": "8473", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8473" + }, + { + "name": "MS11-077", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077" + }, + { + "name": "oval:org.mitre.oval:def:13103", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13103" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2125.json b/2011/2xxx/CVE-2011-2125.json index f16c95780a9..5ab8051a827 100644 --- a/2011/2xxx/CVE-2011-2125.json +++ b/2011/2xxx/CVE-2011-2125.json 
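Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secure@microsoft.com` here, but `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` under `affects` are carried over unchanged, and `problemtype` is still `n/a`. The affected Windows releases therefore exist only in the free-text `description`, and tooling that matches records to assets on the structured fields will not pick this entry up. If the sync source has the CNA's product data, those fields should be populated in the same pass; otherwise consumers have to fall back to parsing `description`. The hunks for CVE-2011-2125 and CVE-2011-2130 (`psirt@adobe.com`) and for CVE-2011-2698 and CVE-2013-0209 (`secalert@redhat.com`) show the same gap.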
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Dirapix.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html" - }, - { - "name" : "TA11-166A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" - }, - { - "name" : "48308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48308" - }, - { - "name" : "73015", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73015" - }, - { - "name" : "shockwave-player-dirapix-bo(68049)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Buffer overflow in Dirapix.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73015", + "refsource": "OSVDB", + "url": "http://osvdb.org/73015" + }, + { + "name": "48308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48308" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-17.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-17.html" + }, + { + "name": "TA11-166A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" + }, + { + "name": "shockwave-player-dirapix-bo(68049)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68049" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2130.json b/2011/2xxx/CVE-2011-2130.json index 2f6841d5ea0..bb40d652185 100644 --- a/2011/2xxx/CVE-2011-2130.json +++ b/2011/2xxx/CVE-2011-2130.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-21.html" - }, - { - "name" : "RHSA-2011:1144", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1144.html" - }, - { - "name" : "SUSE-SA:2011:033", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html" - }, - { - "name" : "SUSE-SU-2011:0894", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html" - }, - { - "name" : "openSUSE-SU-2011:0897", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html" - }, - { - "name" : "TA11-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14194", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14194" - }, - { - "name" : "oval:org.mitre.oval:def:16210", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16210" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2011:033", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html" + }, + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "TA11-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" + }, + { + "name": "oval:org.mitre.oval:def:14194", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14194" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-21.html" + }, + { + "name": "SUSE-SU-2011:0894", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html" + }, + { + "name": "RHSA-2011:1144", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1144.html" + }, + { + "name": "oval:org.mitre.oval:def:16210", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16210" + }, + { + "name": "openSUSE-SU-2011:0897", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2698.json b/2011/2xxx/CVE-2011-2698.json index b20b0087630..eb743c4c2c5 100644 --- a/2011/2xxx/CVE-2011-2698.json +++ b/2011/2xxx/CVE-2011-2698.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110719 CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/19/5" - }, - { - "name" : "[oss-security] 20110720 Re: CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/20/2" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930" - }, - { - "name" : 
"http://www.wireshark.org/security/wnpa-sec-2011-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-10.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-11.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=723215", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=723215" - }, - { - "name" : "FEDORA-2011-9638", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html" - }, - { - "name" : "FEDORA-2011-9640", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html" - }, - { - "name" : "RHSA-2013:0125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0125.html" - }, - { - "name" : "49071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49071" - }, - { - "name" : "oval:org.mitre.oval:def:14610", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14610" - }, - { - "name" : "45086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45086" - }, - { - "name" : "45574", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45574" - }, - { - "name" : "48947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48947" - }, - { - "name" : "wireshark-ansiamap-dos(69074)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-10.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-10.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=723215", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=723215" + }, + { + "name": "[oss-security] 20110719 CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/19/5" + }, + { + "name": "RHSA-2013:0125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0125.html" + }, + { + "name": "45574", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45574" + }, + { + "name": "49071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49071" + }, + { + "name": "48947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48947" + }, + { + "name": "FEDORA-2011-9638", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-11.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-11.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044" + }, + { + "name": 
"http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930" + }, + { + "name": "FEDORA-2011-9640", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html" + }, + { + "name": "[oss-security] 20110720 Re: CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/20/2" + }, + { + "name": "wireshark-ansiamap-dos(69074)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69074" + }, + { + "name": "45086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45086" + }, + { + "name": "oval:org.mitre.oval:def:14610", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14610" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3134.json b/2011/3xxx/CVE-2011-3134.json index 15ee80737c4..96c6a195528 100644 --- a/2011/3xxx/CVE-2011-3134.json +++ b/2011/3xxx/CVE-2011-3134.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt" - }, - { - "name" : "http://www.tibco.com/services/support/advisories/default.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/services/support/advisories/default.jsp" - }, - { - "name" : "1025999", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025999" - }, - { - "name" : "45864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories/default.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories/default.jsp" + }, + { + "name": "1025999", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025999" + }, + { + "name": "45864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45864" + }, + { + "name": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0209.json b/2013/0xxx/CVE-2013-0209.json index 98768fc3ddf..788a74f74fc 100644 --- a/2013/0xxx/CVE-2013-0209.json +++ b/2013/0xxx/CVE-2013-0209.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130121 Re: CVE request for Movable Type", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/01/22/3" - }, - { - "name" : "http://www.sec-1.com/blog/?p=402", - "refsource" : "MISC", - "url" : "http://www.sec-1.com/blog/?p=402" - }, - { - "name" : "http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt", - "refsource" : "MISC", - "url" : "http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt" - }, - { - "name" : 
"http://www.movabletype.org/2013/01/movable_type_438_patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.movabletype.org/2013/01/movable_type_438_patch.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sec-1.com/blog/?p=402", + "refsource": "MISC", + "url": "http://www.sec-1.com/blog/?p=402" + }, + { + "name": "http://www.movabletype.org/2013/01/movable_type_438_patch.html", + "refsource": "CONFIRM", + "url": "http://www.movabletype.org/2013/01/movable_type_438_patch.html" + }, + { + "name": "http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt", + "refsource": "MISC", + "url": "http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt" + }, + { + "name": "[oss-security] 20130121 Re: CVE request for Movable Type", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/01/22/3" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0255.json b/2013/0xxx/CVE-2013-0255.json index 88ed5a88a8f..435ed8a0dad 100644 --- a/2013/0xxx/CVE-2013-0255.json +++ b/2013/0xxx/CVE-2013-0255.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.postgresql.org/docs/8.3/static/release-8-3-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/8.3/static/release-8-3-23.html" - }, - { - "name" : "http://www.postgresql.org/docs/8.4/static/release-8-4-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/8.4/static/release-8-4-16.html" - }, - { - "name" : "http://www.postgresql.org/docs/9.0/static/release-9-0-12.html", - "refsource" : "CONFIRM", - 
"url" : "http://www.postgresql.org/docs/9.0/static/release-9-0-12.html" - }, - { - "name" : "http://www.postgresql.org/docs/9.1/static/release-9-1-8.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/9.1/static/release-9-1-8.html" - }, - { - "name" : "http://www.postgresql.org/docs/9.2/static/release-9-2-3.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/9.2/static/release-9-2-3.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=907892", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=907892" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "DSA-2630", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2630" - }, - { - "name" : "FEDORA-2013-2123", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html" - }, - { - "name" : "MDVSA-2013:142", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:142" - }, - { - "name" : "RHSA-2013:1475", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1475.html" - }, - { - "name" : "openSUSE-SU-2013:0318", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html" - }, - { - "name" : "openSUSE-SU-2013:0319", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html" - }, - { - "name" : "USN-1717-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1717-1" - }, - { - "name" : "57844", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57844" - }, - { - "name" : "89935", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89935" - }, - { - "name" : "1028092", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1028092" - }, - { - "name" : "51923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51923" - }, - { - "name" : "52819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52819" - }, - { - "name" : "postgresql-enumrecv-dos(81917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2013-2123", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html" + }, + { + "name": "DSA-2630", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2630" + }, + { + "name": "openSUSE-SU-2013:0319", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html" + }, + { + "name": "openSUSE-SU-2013:0318", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html" + }, + { + "name": "http://www.postgresql.org/docs/8.4/static/release-8-4-16.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-16.html" + }, + { + "name": "MDVSA-2013:142", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:142" + }, + { + "name": "postgresql-enumrecv-dos(81917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81917" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=907892", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907892" + }, + { + "name": "51923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51923" + }, + { + "name": "http://www.postgresql.org/docs/9.1/static/release-9-1-8.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-8.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "57844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57844" + }, + { + "name": 
"https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index" + }, + { + "name": "USN-1717-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1717-1" + }, + { + "name": "1028092", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1028092" + }, + { + "name": "http://www.postgresql.org/docs/8.3/static/release-8-3-23.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-23.html" + }, + { + "name": "89935", + "refsource": "OSVDB", + "url": "http://osvdb.org/89935" + }, + { + "name": "RHSA-2013:1475", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1475.html" + }, + { + "name": "http://www.postgresql.org/docs/9.2/static/release-9-2-3.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/9.2/static/release-9-2-3.html" + }, + { + "name": "http://www.postgresql.org/docs/9.0/static/release-9-0-12.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-12.html" + }, + { + "name": "52819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52819" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0558.json b/2013/0xxx/CVE-2013-0558.json index 469b623aaec..8cb92c1e0f5 100644 --- a/2013/0xxx/CVE-2013-0558.json +++ b/2013/0xxx/CVE-2013-0558.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive information about application implementation via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" - }, - { - "name" : "IC90483", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90483" - }, - { - "name" : "sterling-b2b-cve20130558-infodisc(83006)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain 
sensitive information about application implementation via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IC90483", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90483" + }, + { + "name": "sterling-b2b-cve20130558-infodisc(83006)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83006" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1231.json b/2013/1xxx/CVE-2013-1231.json index 68555b60def..55c0b39545b 100644 --- a/2013/1xxx/CVE-2013-1231.json +++ b/2013/1xxx/CVE-2013-1231.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130502 Cisco WebEx Cache Directory Read Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130502 Cisco WebEx Cache Directory Read Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1231" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1251.json b/2013/1xxx/CVE-2013-1251.json index 675a4762f35..0cd5556a7da 100644 --- a/2013/1xxx/CVE-2013-1251.json +++ b/2013/1xxx/CVE-2013-1251.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-016", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16408", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-016", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016" + }, + { + "name": "oval:org.mitre.oval:def:16408", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16408" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1291.json b/2013/1xxx/CVE-2013-1291.json index 947f09a541b..04b09f6a81d 100644 --- a/2013/1xxx/CVE-2013-1291.json +++ b/2013/1xxx/CVE-2013-1291.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka \"OpenType Font Parsing Vulnerability\" or \"Win32k Font Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-036", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-036" - }, - { - "name" : "oval:org.mitre.oval:def:16504", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, 
Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka \"OpenType Font Parsing Vulnerability\" or \"Win32k Font Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16504", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16504" + }, + { + "name": "MS13-036", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-036" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1296.json b/2013/1xxx/CVE-2013-1296.json index c6d5836071c..ab7c26a4867 100644 --- a/2013/1xxx/CVE-2013-1296.json +++ b/2013/1xxx/CVE-2013-1296.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka \"RDP ActiveX Control Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-029", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-029" - }, - { - "name" : "TA13-100A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-100A" - }, - { - "name" : "oval:org.mitre.oval:def:16598", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16598" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka \"RDP ActiveX Control Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-100A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-100A" + }, + { + "name": "oval:org.mitre.oval:def:16598", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16598" + }, + { + "name": "MS13-029", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-029" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1901.json b/2013/1xxx/CVE-2013-1901.json index 0f6149b04e6..0bf38c4fd14 100644 --- a/2013/1xxx/CVE-2013-1901.json +++ b/2013/1xxx/CVE-2013-1901.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.postgresql.org/about/news/1456/", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news/1456/" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-9-1-9.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-9-1-9.html" - }, - { - "name" : "http://www.postgresql.org/docs/current/static/release-9-2-4.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/current/static/release-9-2-4.html" - }, - { - "name" : "http://support.apple.com/kb/HT5880", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5880" - }, - { - "name" : 
"http://support.apple.com/kb/HT5892", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5892" - }, - { - "name" : "APPLE-SA-2013-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" - }, - { - "name" : "APPLE-SA-2013-09-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html" - }, - { - "name" : "DSA-2658", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2658" - }, - { - "name" : "FEDORA-2013-5000", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html" - }, - { - "name" : "FEDORA-2013-6148", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html" - }, - { - "name" : "MDVSA-2013:142", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:142" - }, - { - "name" : "SUSE-SU-2013:0633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html" - }, - { - "name" : "openSUSE-SU-2013:0627", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0628", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html" - }, - { - "name" : "openSUSE-SU-2013:0635", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html" - }, - { - "name" : "USN-1789-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1789-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, 
which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.postgresql.org/docs/current/static/release-9-2-4.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-4.html" + }, + { + "name": "http://www.postgresql.org/about/news/1456/", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news/1456/" + }, + { + "name": "openSUSE-SU-2013:0628", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html" + }, + { + "name": "openSUSE-SU-2013:0635", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html" + }, + { + "name": "MDVSA-2013:142", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:142" + }, + { + "name": "http://support.apple.com/kb/HT5892", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5892" + }, + { + "name": "USN-1789-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1789-1" + }, + { + "name": "APPLE-SA-2013-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" + }, + { + "name": "FEDORA-2013-6148", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html" + }, + { + "name": "APPLE-SA-2013-09-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html" + }, + { + "name": "http://www.postgresql.org/docs/current/static/release-9-1-9.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-9.html" + }, + { + 
"name": "SUSE-SU-2013:0633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html" + }, + { + "name": "DSA-2658", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2658" + }, + { + "name": "openSUSE-SU-2013:0627", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html" + }, + { + "name": "FEDORA-2013-5000", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html" + }, + { + "name": "http://support.apple.com/kb/HT5880", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5880" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4425.json b/2013/4xxx/CVE-2013-4425.json index 46a39a125d9..f8cb1f35302 100644 --- a/2013/4xxx/CVE-2013-4425.json +++ b/2013/4xxx/CVE-2013-4425.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using \"SuperSecretPassword\" as the hardcoded password, which allows local users to obtain the private key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131106 CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html" - }, - { - "name" : "63566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63566" - }, - { - "name" : "99518", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99518" - }, - { - "name" : "osirix-cve20134425-info-disc(88606)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using \"SuperSecretPassword\" as the hardcoded password, which allows local users to obtain the private key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99518", + "refsource": "OSVDB", + "url": "http://osvdb.org/99518" + }, + { + "name": "20131106 CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html" + }, + { + "name": "63566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63566" + }, + { + "name": "osirix-cve20134425-info-disc(88606)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88606" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4564.json b/2013/4xxx/CVE-2013-4564.json index 055c2a977fe..ac1519d8a41 100644 --- a/2013/4xxx/CVE-2013-4564.json +++ b/2013/4xxx/CVE-2013-4564.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Swan-announce] 20131211 Libreswan 3.7 released", - "refsource" : "MLIST", - "url" : "https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html" - }, - { - "name" : "https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc", - "refsource" : "CONFIRM", - "url" : "https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc" - }, - { - "name" : "FEDORA-2013-23250", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124943.html" - }, - { - "name" : "FEDORA-2013-23299", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124911.html" - }, - { - "name" : "FEDORA-2013-23315", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124928.html" - }, - { - "name" : "56276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56276" + }, + { + "name": "[Swan-announce] 20131211 Libreswan 3.7 released", + "refsource": "MLIST", + "url": "https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html" + }, + { + "name": "FEDORA-2013-23315", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124928.html" + }, + { + "name": "https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc", + "refsource": "CONFIRM", + "url": "https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc" + }, + { + "name": "FEDORA-2013-23250", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124943.html" + }, + { + "name": "FEDORA-2013-23299", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124911.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4683.json b/2013/4xxx/CVE-2013-4683.json index f070726969a..6fecf775e2b 100644 --- a/2013/4xxx/CVE-2013-4683.json +++ b/2013/4xxx/CVE-2013-4683.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/" - }, - { - "name" : "93806", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/93806" - }, - { - "name" : "typo3-metafeedit-unspecified-sql-injection(84661)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers 
to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typo3-metafeedit-unspecified-sql-injection(84661)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84661" + }, + { + "name": "93806", + "refsource": "OSVDB", + "url": "http://osvdb.org/93806" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5411.json b/2013/5xxx/CVE-2013-5411.json index db35e2f8cb1..f3b2bb27a41 100644 --- a/2013/5xxx/CVE-2013-5411.json +++ b/2013/5xxx/CVE-2013-5411.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657539" - }, - { - "name" : "IC96059", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96059" - }, - { - "name" : "ibm-sterling-cve20135411-link-inj(87360)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or 
actions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sterling-cve20135411-link-inj(87360)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87360" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539" + }, + { + "name": "IC96059", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96059" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5505.json b/2013/5xxx/CVE-2013-5505.json index 9d48748cec0..fe97c23418f 100644 --- a/2013/5xxx/CVE-2013-5505.json +++ b/2013/5xxx/CVE-2013-5505.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31008", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31008" - }, - { - "name" : "20130927 Cisco Identity Services Engine Administration Interface Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505" - }, - { - "name" : "62693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62693" - }, - { - "name" : "97875", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97875" - }, - { - "name" : "1029111", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1029111" - }, - { - "name" : "54626", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54626" - }, - { - "name" : "cisco-ise-cve20135505-xss(87530)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54626", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54626" + }, + { + "name": "20130927 Cisco Identity Services Engine Administration Interface Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505" + }, + { + "name": "cisco-ise-cve20135505-xss(87530)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87530" + }, + { + "name": "97875", + "refsource": "OSVDB", + "url": "http://osvdb.org/97875" + }, + { + "name": "1029111", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029111" + }, + { + "name": "62693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62693" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31008", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31008" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/1000xxx/CVE-2017-1000226.json b/2017/1000xxx/CVE-2017-1000226.json index 31b0fd89bac..ccc07cbc5b2 100644 --- a/2017/1000xxx/CVE-2017-1000226.json +++ b/2017/1000xxx/CVE-2017-1000226.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.455673", - "ID" : "CVE-2017-1000226", - "REQUESTER" : "tom@dxw.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Stop User Enumeration", - "version" : { - "version_data" : [ - { - "version_value" : "1.3.8" - } - ] - } - } - ] - }, - "vendor_name" : "Fullworks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stop User Enumeration 1.3.8 allows user enumeration via the REST API" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.455673", + "ID": "CVE-2017-1000226", + "REQUESTER": "tom@dxw.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.dxw.com/advisories/stop-user-enumeration-rest-api/", - "refsource" : "MISC", - "url" : "https://security.dxw.com/advisories/stop-user-enumeration-rest-api/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stop User Enumeration 1.3.8 allows user enumeration via the REST API" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": 
"https://security.dxw.com/advisories/stop-user-enumeration-rest-api/", + "refsource": "MISC", + "url": "https://security.dxw.com/advisories/stop-user-enumeration-rest-api/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000405.json b/2017/1000xxx/CVE-2017-1000405.json index fde77ba5edb..e6cbad6cca6 100644 --- a/2017/1000xxx/CVE-2017-1000405.json +++ b/2017/1000xxx/CVE-2017-1000405.json 
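Review bot: The new side of this record replaces the structured `affects` and `problemtype` values with `n/a`, so the product, vendor, affected version and weakness type now survive only in the free-text description. Tooling that matches records on those fields (scanner feeds, advisory-to-inventory matching) will stop associating CVE-2017-1000226 with the product; the CVE-2017-1000405 hunk that follows does the same to its product name, version range and problem type. Unless the synchronization is meant to discard submitter-supplied data, I would keep `"product_name": "Stop User Enumeration"`, `"vendor_name": "Fullworks"` and `"version_value": "1.3.8"`, and leave the problem type value as it was on the old side. Both records also change `ASSIGNER` to `cve@mitre.org` while `REQUESTER` and `DATE_ASSIGNED` are kept, which is worth confirming as intended.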
@@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-11-22", - "ID" : "CVE-2017-1000405", - "REQUESTER" : "contact@bindecy.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux Kernel", - "version" : { - "version_data" : [ - { - "version_value" : "2.6.38 through 4.14" - } - ] - } - } - ] - }, - "vendor_name" : "Linux Kernel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original \"Dirty cow\" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "memory overwrite" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-11-22", + "ID": "CVE-2017-1000405", + "REQUESTER": "contact@bindecy.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43199", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43199/" - }, - { - "name" : "https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0", - "refsource" : "MISC", - "url" : "https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" - }, - { - "name" : "RHSA-2018:0180", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0180" - }, - { - "name" : "102032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102032" - }, - { - "name" : "1040020", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. 
This bug is not as severe as the original \"Dirty cow\" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102032" + }, + { + "name": "RHSA-2018:0180", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0180" + }, + { + "name": "https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0", + "refsource": "MISC", + "url": "https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" + }, + { + "name": "1040020", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040020" + }, + { + "name": "43199", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43199/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12036.json b/2017/12xxx/CVE-2017-12036.json index adf816e5f72..ef221764243 100644 --- a/2017/12xxx/CVE-2017-12036.json +++ b/2017/12xxx/CVE-2017-12036.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12036", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12036", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12341.json b/2017/12xxx/CVE-2017-12341.json index cd97ccabbcc..afbb3e2b982 100644 --- a/2017/12xxx/CVE-2017-12341.json +++ b/2017/12xxx/CVE-2017-12341.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco NX-OS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco NX-OS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the installation of a software patch. An attacker could exploit this vulnerability by installing a crafted patch image with the vulnerable operation occurring prior to patch activation. An exploit could allow the attacker to execute arbitrary commands on an affected system as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf23735, CSCvg04072." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco NX-OS", + "version": { + "version_data": [ + { + "version_value": "Cisco NX-OS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos8", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos8" - }, - { - "name" : "1039939", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the installation of a software patch. An attacker could exploit this vulnerability by installing a crafted patch image with the vulnerable operation occurring prior to patch activation. An exploit could allow the attacker to execute arbitrary commands on an affected system as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. 
Cisco Bug IDs: CSCvf23735, CSCvg04072." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos8", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos8" + }, + { + "name": "1039939", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039939" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12675.json b/2017/12xxx/CVE-2017-12675.json index 8957bbae29c..e81aa4ca738 100644 --- a/2017/12xxx/CVE-2017-12675.json +++ b/2017/12xxx/CVE-2017-12675.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/616", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/616", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/616" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12732.json b/2017/12xxx/CVE-2017-12732.json index 3dabc9a64e9..7b9b102a910 100644 --- a/2017/12xxx/CVE-2017-12732.json +++ b/2017/12xxx/CVE-2017-12732.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-12732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GE CIMPLICITY", - "version" : { - "version_data" : [ - { - "version_value" : "GE CIMPLICITY" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-12732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GE CIMPLICITY", + "version": { + "version_data": [ + { + "version_value": "GE CIMPLICITY" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01" - }, - { - "name" : "101174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. 
The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101174" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13081.json b/2017/13xxx/CVE-2017-13081.json index 2d8899f794f..142e8632b4c 100644 --- a/2017/13xxx/CVE-2017-13081.json +++ b/2017/13xxx/CVE-2017-13081.json 
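Review bot: In CVE-2017-12732.json the `affects` block still carries `"version_value": "GE CIMPLICITY"` and `"vendor_name": "n/a"`, so the structured data repeats the product name and never states a version, while the description gives the range as Versions 9.0 and prior. Tooling that matches installed versions against `version_data` rather than parsing the prose gets no usable range for this stack-based overflow. If the description is authoritative, I would set `"version_value": "9.0 and prior"` and fill in the vendor, presumably `"vendor_name": "GE"`. Both values should be confirmed with the assigning CNA.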
@@ -1,190 +1,190 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-13081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Wi-Fi Protected Access (WPA and WPA2)", - "version" : { - "version_data" : [ - { - "version_value" : "WPA" - }, - { - "version_value" : "WPA2" - } - ] - } - } - ] - }, - "vendor_name" : "Wi-Fi Alliance" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-323: Reusing a Nonce, Key Pair in Encryption" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-13081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wi-Fi Protected Access (WPA and WPA2)", + "version": { + "version_data": [ + { + "version_value": "WPA" + }, + { + "version_value": "WPA2" + } + ] + } + } + ] + }, + "vendor_name": "Wi-Fi Alliance" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html" - }, - { - "name" : "https://www.krackattacks.com/", - "refsource" : "MISC", - "url" : "https://www.krackattacks.com/" - }, - { - "name" : "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt", - "refsource" : "MISC", - "url" : 
"https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt" - }, - { - "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt" - }, - { - "name" : "https://access.redhat.com/security/vulnerabilities/kracks", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/vulnerabilities/kracks" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-11-01" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf" - }, - { - "name" : "https://cert.vde.com/en-us/advisories/vde-2017-005", - "refsource" : "CONFIRM", - "url" : "https://cert.vde.com/en-us/advisories/vde-2017-005" - }, - { - "name" : "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa" - }, - { - "name" : "DSA-3999", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3999" - }, - { - "name" : "FreeBSD-SA-17:07", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc" - }, - { - "name" : "GLSA-201711-03", - "refsource" : 
"GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-03" - }, - { - "name" : "SUSE-SU-2017:2745", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html" - }, - { - "name" : "SUSE-SU-2017:2752", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html" - }, - { - "name" : "openSUSE-SU-2017:2755", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html" - }, - { - "name" : "USN-3455-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3455-1" - }, - { - "name" : "VU#228519", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/228519" - }, - { - "name" : "101274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101274" - }, - { - "name" : "1039573", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039573" - }, - { - "name" : "1039576", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039576" - }, - { - "name" : "1039577", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039577" - }, - { - "name" : "1039578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039578" - }, - { - "name" : "1039581", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039581" - }, - { - "name" : "1039585", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-323: Reusing a Nonce, Key Pair in Encryption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039581", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039581" + }, + { + "name": "101274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101274" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "SUSE-SU-2017:2745", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html" + }, + { + "name": "DSA-3999", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3999" + }, + { + "name": "1039578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039578" + }, + { + "name": "https://access.redhat.com/security/vulnerabilities/kracks", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/vulnerabilities/kracks" + }, + { + "name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa" + }, + { + "name": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt", + "refsource": "MISC", + "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt" + }, + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt" + }, + { + "name": "1039577", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039577" + }, + { + "name": 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03792en_us" + }, + { + "name": "openSUSE-SU-2017:2755", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html" + }, + { + "name": "https://source.android.com/security/bulletin/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-11-01" + }, + { + "name": "GLSA-201711-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-03" + }, + { + "name": "FreeBSD-SA-17:07", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc" + }, + { + "name": "https://www.krackattacks.com/", + "refsource": "MISC", + "url": "https://www.krackattacks.com/" + }, + { + "name": "1039573", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039573" + }, + { + "name": "SUSE-SU-2017:2752", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html" + }, + { + "name": "1039576", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039576" + }, + { + "name": "1039585", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039585" + }, + { + "name": "VU#228519", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/228519" + }, + { + "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf" + }, + { + "name": "https://cert.vde.com/en-us/advisories/vde-2017-005", + "refsource": 
"CONFIRM", + "url": "https://cert.vde.com/en-us/advisories/vde-2017-005" + }, + { + "name": "USN-3455-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3455-1" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13548.json b/2017/13xxx/CVE-2017-13548.json index 2215fe0ebc5..94f8d1fb6cf 100644 --- a/2017/13xxx/CVE-2017-13548.json +++ b/2017/13xxx/CVE-2017-13548.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13548", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13548", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13686.json b/2017/13xxx/CVE-2017-13686.json index 07149d1d742..a75f1a2a35b 100644 --- a/2017/13xxx/CVE-2017-13686.json +++ b/2017/13xxx/CVE-2017-13686.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205" - }, - { - "name" : "https://github.com/torvalds/linux/commit/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13985.json b/2017/13xxx/CVE-2017-13985.json index 07cf9215e94..7a5e1c8cc38 100644 --- a/2017/13xxx/CVE-2017-13985.json +++ b/2017/13xxx/CVE-2017-13985.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2017-13985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2017-13985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-17-721/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-17-721/" - }, - { - "name" : "https://softwaresupport.hpe.com/km/KM02942065", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.hpe.com/km/KM02942065" - }, - { - "name" : "ESB-2017.2274", - "refsource" : "AUSCERT", - "url" : "https://www.auscert.org.au/bulletins/52154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An authentication vulnerability in HPE BSM Platform Application Performance Management System Health 
product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-17-721/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-17-721/" + }, + { + "name": "https://softwaresupport.hpe.com/km/KM02942065", + "refsource": "CONFIRM", + "url": "https://softwaresupport.hpe.com/km/KM02942065" + }, + { + "name": "ESB-2017.2274", + "refsource": "AUSCERT", + "url": "https://www.auscert.org.au/bulletins/52154" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16814.json b/2017/16xxx/CVE-2017-16814.json index 7814f98f4dd..fc0f8879e92 100644 --- a/2017/16xxx/CVE-2017-16814.json +++ b/2017/16xxx/CVE-2017-16814.json 
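Review bot: The `ASSIGNER` in CVE-2017-13985.json changes from `security@microfocus.com` to `security@suse.com` in a hunk that otherwise only reformats the file, and the commit message does not mention it. The record describes an HPE BSM product and its CONFIRM reference points to softwaresupport.hpe.com, so the move to a SUSE address looks unintended, though it may reflect a CNA mapping that is not visible here. Anything that attributes or filters records by `ASSIGNER` will silently re-bucket this entry. I would either keep `"ASSIGNER": "security@microfocus.com"` or state the reassignment in the commit description so it can be audited.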
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs by abusing the URL + escape character during a Wi-Fi transfer, which could be exploited by attackers to bypass intended restrictions on local application files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs by abusing the URL + escape character during a Wi-Fi transfer, which could be exploited by attackers to bypass intended restrictions on local application files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4054.json b/2017/4xxx/CVE-2017-4054.json index 167071d2e35..a1d6ccadd20 100644 --- a/2017/4xxx/CVE-2017-4054.json +++ b/2017/4xxx/CVE-2017-4054.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-4054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Threat Defense (ATD)", - "version" : { - "version_data" : [ - { - "version_value" : "3.10" - }, - { - "version_value" : "3.8" - }, - { - "version_value" : "3.6" - }, - { - "version_value" : "3.6" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-4054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Threat Defense (ATD)", + "version": { + "version_data": [ + { + "version_value": "3.10" + }, + { + "version_value": "3.8" + }, + { + "version_value": "3.6" + }, + { + "version_value": "3.6" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10204", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10204" - }, - { - "name" : "99559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99559" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99559" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10204", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10204" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4512.json b/2017/4xxx/CVE-2017-4512.json index 2037ad27bd7..707930f4d24 100644 --- a/2017/4xxx/CVE-2017-4512.json +++ b/2017/4xxx/CVE-2017-4512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4512", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4512", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file 
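Review bot: In CVE-2017-4054.json the new `version_data` array keeps `"version_value": "3.6"` twice and has no entry for 3.4, while the description lists the affected releases as 3.10, 3.8, 3.6, 3.4. A consumer that decides exposure from `affects` would treat ATD 3.4 as unaffected by this command injection. Assuming the description is correct, the last entry should read `"version_value": "3.4"`.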
diff --git a/2017/4xxx/CVE-2017-4603.json b/2017/4xxx/CVE-2017-4603.json index 4f21f989cf8..9a82e5d5bc3 100644 --- a/2017/4xxx/CVE-2017-4603.json +++ b/2017/4xxx/CVE-2017-4603.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4603", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4603", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4922.json b/2017/4xxx/CVE-2017-4922.json index 4d26d945d45..a6ed655e765 100644 --- a/2017/4xxx/CVE-2017-4922.json +++ b/2017/4xxx/CVE-2017-4922.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "ID" : "CVE-2017-4922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "ID": "CVE-2017-4922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2017-0013.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2017-0013.html" - }, - { - "name" : "100012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100012" - }, - { - "name" : "1039013", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware vCenter 
Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100012" + }, + { + "name": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html" + }, + { + "name": "1039013", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039013" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18460.json b/2018/18xxx/CVE-2018-18460.json index d34ca509b32..d1f8f55b21d 100644 --- a/2018/18xxx/CVE-2018-18460.json +++ b/2018/18xxx/CVE-2018-18460.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rakjong/vuln/blob/master/wordpress_wp-live-chat-support_XSS.pdf", - "refsource" : "MISC", - "url" : "https://github.com/rakjong/vuln/blob/master/wordpress_wp-live-chat-support_XSS.pdf" - }, - { - "name" : "https://wordpress.org/plugins/wp-live-chat-support/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/wp-live-chat-support/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/wp-live-chat-support/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/wp-live-chat-support/#developers" + }, + { + "name": "https://github.com/rakjong/vuln/blob/master/wordpress_wp-live-chat-support_XSS.pdf", + "refsource": "MISC", + "url": "https://github.com/rakjong/vuln/blob/master/wordpress_wp-live-chat-support_XSS.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18588.json b/2018/18xxx/CVE-2018-18588.json index 3b9f275a84e..bd72ab6c124 100644 --- a/2018/18xxx/CVE-2018-18588.json +++ b/2018/18xxx/CVE-2018-18588.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18588", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18588", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18590.json b/2018/18xxx/CVE-2018-18590.json index 6650e23c246..259c9ebf08b 100644 
--- a/2018/18xxx/CVE-2018-18590.json +++ b/2018/18xxx/CVE-2018-18590.json 
@@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2018-11-07T14:30:00.000Z", - "ID" : "CVE-2018-18590", - "STATE" : "PUBLIC", - "TITLE" : "MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-11-07T14:30:00.000Z", + "ID": "CVE-2018-18590", + "STATE": "PUBLIC", + "TITLE": "MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Operation Bridge Containerized Suite", + "version": { + "version_data": [ + { + "version_value": "2017.11, 2018.02, 2018.05, 2018.08" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Operation Bridge Containerized Suite", - "version" : { - "version_data" : [ - { - "version_value" : "2017.11, 2018.02, 2018.05, 2018.08" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" + "lang": "eng", + "value": "A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure." } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure." 
- } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - }, - { - "lang" : "eng", - "value" : "Remote Information Disclosure" - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "ADJACENT_NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.6, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Disclosure of Information" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Remote Code Execution" + }, + { + "lang": "eng", + "value": "Remote Information Disclosure" + } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Remote Disclosure of Information" + } + ] + } + ] + }, + 
"references": { + "reference_data": [ + { + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416", + "refsource": "CONFIRM", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18955.json b/2018/18xxx/CVE-2018-18955.json index d060f2a4308..2e96f988d2d 100644 --- a/2018/18xxx/CVE-2018-18955.json +++ b/2018/18xxx/CVE-2018-18955.json 
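Review bot: The `ASSIGNER` field in `CVE_data_meta` for CVE-2018-18590 changes from `security@microfocus.com` to `security@suse.com`, the only value change in a hunk that otherwise just re-indents the record and tightens `" : "` to `": "`. The new side still has `"vendor_name": "Micro Focus"` and a `TITLE` beginning "MFSBGN03829 rev.1 - Micro Focus", so the record now names one organisation as assigner and another as vendor. Any consumer that attributes or filters records by `ASSIGNER` would see this entry change owner without explanation, since the commit subject only says "-Synchronized-Data.". If the reassignment is intentional, it should be stated in the commit message or made in a separate commit; if it is a side effect of the sync tooling, the line should stay `"ASSIGNER": "security@microfocus.com",`.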
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45886", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45886/" - }, - { - "name" : "45915", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45915/" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712" - }, - { - "name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19", - "refsource" : "MISC", - "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19" - }, - { - "name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2", - "refsource" : "MISC", - "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2" - }, - { - "name" : "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd" - }, - { - "name" : "USN-3832-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3832-1/" - }, - { - "name" : "USN-3833-1", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/3833-1/" - }, - { - "name" : "USN-3835-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3835-1/" - }, - { - "name" : "USN-3836-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3836-1/" - }, - { - "name" : "USN-3836-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3836-2/" - }, - { - "name" : "105941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd" + }, + { + "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19", + "refsource": "MISC", + "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19" + }, + { + "name": "USN-3836-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3836-2/" + }, + { + "name": "USN-3835-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3835-1/" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd" + }, + { + "name": "USN-3833-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3833-1/" + }, + { + "name": "USN-3832-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3832-1/" + }, + { + "name": "45915", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45915/" + }, + { + "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2", + "refsource": "MISC", + "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2" + }, + { + "name": "45886", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45886/" + }, + { + "name": "USN-3836-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3836-1/" + }, + { + "name": "105941", + "refsource": "BID", + 
"url": "http://www.securityfocus.com/bid/105941" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1334.json b/2018/1xxx/CVE-2018-1334.json index 793d1414e5a..6cac3efc41e 100644 --- a/2018/1xxx/CVE-2018-1334.json +++ b/2018/1xxx/CVE-2018-1334.json 
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-07-11T00:00:00", - "ID" : "CVE-2018-1334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Spark", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0 to 2.1.2" - }, - { - "version_value" : "2.2.0 to 2.2.1" - }, - { - "version_value" : "2.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-07-11T00:00:00", + "ID": "CVE-2018-1334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Spark", + "version": { + "version_data": [ + { + "version_value": "1.0.0 to 2.1.2" + }, + { + "version_value": "2.2.0 to 2.2.1" + }, + { + "version_value": "2.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20180711 CVE-2018-1334 Apache Spark local privilege escalation vulnerability", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E" - }, - { - "name" : "https://spark.apache.org/security.html#CVE-2018-1334", - "refsource" : 
"CONFIRM", - "url" : "https://spark.apache.org/security.html#CVE-2018-1334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://spark.apache.org/security.html#CVE-2018-1334", + "refsource": "CONFIRM", + "url": "https://spark.apache.org/security.html#CVE-2018-1334" + }, + { + "name": "[dev] 20180711 CVE-2018-1334 Apache Spark local privilege escalation vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5194.json b/2018/5xxx/CVE-2018-5194.json index 9380d09c135..f9f56113de1 100644 --- a/2018/5xxx/CVE-2018-5194.json +++ b/2018/5xxx/CVE-2018-5194.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5194", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5194", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5429.json b/2018/5xxx/CVE-2018-5429.json index 59aa80796c4..9c89142060d 100644 --- a/2018/5xxx/CVE-2018-5429.json +++ b/2018/5xxx/CVE-2018-5429.json 
@@ -1,264 +1,264 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@tibco.com", - "DATE_PUBLIC" : "2018-04-17T09:00:00-07", - "ID" : "CVE-2018-5429", - "STATE" : "PUBLIC", - "TITLE" : "TIBCO JasperReports Library Code Sandboxing Problem" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TIBCO JasperReports Server", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.2.4" - }, - { - "affected" : "=", - "version_value" : "6.3.0" - }, - { - "affected" : "=", - "version_value" : "6.3.2" - }, - { - "affected" : "=", - "version_value" : "6.3.3" - }, - { - "affected" : "=", - "version_value" : "6.4.0" - }, - { - "affected" : "=", - "version_value" : "6.4.2" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Server Community Edition", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.2" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Server for ActiveMatrix BPM", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.2" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Library", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.2.4" - }, - { - "affected" : "=", - "version_value" : "6.3.0" - }, - { - "affected" : "=", - "version_value" : "6.3.2" - }, - { - "affected" : "=", - "version_value" : "6.3.3" - }, - { - "affected" : "=", - "version_value" : "6.4.0" - }, - { - "affected" : "=", - "version_value" : "6.4.1" - }, - { - "affected" : "=", - "version_value" : "6.4.2" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Library Community Edition", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.3" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Library for ActiveMatrix BPM", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.2" - } - ] - } 
- }, - { - "product_name" : "TIBCO Jaspersoft for AWS with Multi-Tenancy", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.2" - } - ] - } - }, - { - "product_name" : "TIBCO Jaspersoft Reporting and Analytics for AWS", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.2" - } - ] - } - }, - { - "product_name" : "TIBCO Jaspersoft Studio", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.2.4" - }, - { - "affected" : "=", - "version_value" : "6.3.0" - }, - { - "affected" : "=", - "version_value" : "6.3.2" - }, - { - "affected" : "=", - "version_value" : "6.3.3" - }, - { - "affected" : "=", - "version_value" : "6.4.0" - }, - { - "affected" : "=", - "version_value" : "6.4.2" - } - ] - } - }, - { - "product_name" : "TIBCO Jaspersoft Studio Community Edition", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.3" - } - ] - } - }, - { - "product_name" : "TIBCO Jaspersoft Studio for ActiveMatrix BPM", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.2" - } - ] - } - } - ] - }, - "vendor_name" : "TIBCO Software Inc." 
- } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "The impact of this vulnerability includes the possibility of arbitrary code execution with the privileges of the operation system process that contains the affected component." - } + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2018-04-17T09:00:00-07", + "ID": "CVE-2018-5429", + "STATE": "PUBLIC", + "TITLE": "TIBCO JasperReports Library Code Sandboxing Problem" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO JasperReports Server", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.2.4" + }, + { + "affected": "=", + "version_value": "6.3.0" + }, + { + "affected": "=", + "version_value": "6.3.2" + }, + { + "affected": "=", + "version_value": "6.3.3" + }, + { + "affected": "=", + "version_value": "6.4.0" + }, + { + "affected": "=", + "version_value": "6.4.2" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Server Community Edition", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.2" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Server for ActiveMatrix BPM", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.2" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Library", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.2.4" + }, + { + "affected": "=", + "version_value": "6.3.0" + }, + 
{ + "affected": "=", + "version_value": "6.3.2" + }, + { + "affected": "=", + "version_value": "6.3.3" + }, + { + "affected": "=", + "version_value": "6.4.0" + }, + { + "affected": "=", + "version_value": "6.4.1" + }, + { + "affected": "=", + "version_value": "6.4.2" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Library Community Edition", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.3" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Library for ActiveMatrix BPM", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.2" + } + ] + } + }, + { + "product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.2" + } + ] + } + }, + { + "product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.2" + } + ] + } + }, + { + "product_name": "TIBCO Jaspersoft Studio", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.2.4" + }, + { + "affected": "=", + "version_value": "6.3.0" + }, + { + "affected": "=", + "version_value": "6.3.2" + }, + { + "affected": "=", + "version_value": "6.3.3" + }, + { + "affected": "=", + "version_value": "6.4.0" + }, + { + "affected": "=", + "version_value": "6.4.2" + } + ] + } + }, + { + "product_name": "TIBCO Jaspersoft Studio Community Edition", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.3" + } + ] + } + }, + { + "product_name": "TIBCO Jaspersoft Studio for ActiveMatrix BPM", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.2" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429", - "refsource" : "CONFIRM", - "url" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Library versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Library versions 6.4.0, 6.4.1, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Studio versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO Jaspersoft Studio versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO Jaspersoft Studio versions 6.4.0, 
and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO Jaspersoft Studio Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21 or higher\n" - } - ], - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. 
Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the possibility of arbitrary code execution with the privileges of the operation system process that contains the affected component." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Library versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Library versions 6.4.0, 6.4.1, and 6.4.2 update to version 6.4.21 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Studio versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO Jaspersoft Studio versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO Jaspersoft Studio versions 6.4.0, and 
6.4.2 update to version 6.4.21 or higher\n\nTIBCO Jaspersoft Studio Community Edition versions 6.4.3 and below update to version 6.5.0 or higher\n\nTIBCO Jaspersoft Studio for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.21 or higher\n" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5758.json b/2018/5xxx/CVE-2018-5758.json index 3f6ab82ed59..35ca2cc13af 100644 --- a/2018/5xxx/CVE-2018-5758.json +++ b/2018/5xxx/CVE-2018-5758.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://rhinosecuritylabs.com/research/xml-external-entity-injection-xxe-cve-2018-5758/", - "refsource" : "MISC", - "url" : "https://rhinosecuritylabs.com/research/xml-external-entity-injection-xxe-cve-2018-5758/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://rhinosecuritylabs.com/research/xml-external-entity-injection-xxe-cve-2018-5758/", + "refsource": "MISC", + "url": "https://rhinosecuritylabs.com/research/xml-external-entity-injection-xxe-cve-2018-5758/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5981.json b/2018/5xxx/CVE-2018-5981.json index e73a423a7df..7b0ea7112b2 100644 --- a/2018/5xxx/CVE-2018-5981.json +++ b/2018/5xxx/CVE-2018-5981.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44112", - "refsource" : "EXPLOIT-DB", - "url" : "https://exploit-db.com/exploits/44112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44112", + "refsource": "EXPLOIT-DB", + "url": "https://exploit-db.com/exploits/44112" + } + ] + } +} \ No newline at end of file