diff --git a/2001/0xxx/CVE-2001-0260.json b/2001/0xxx/CVE-2001-0260.json index 7a0dbcc95b3..c9ee0ea1484 100644 --- a/2001/0xxx/CVE-2001-0260.json +++ b/2001/0xxx/CVE-2001-0260.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long \"RCPT TO\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010123 [SAFER] Security Bulletin 010123.EXP.1.10", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0360.html" - }, - { - "name" : "lotus-domino-smtp-bo(5993)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5993" - }, - { - "name" : "2283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2283" - }, - { - "name" : "3321", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long \"RCPT TO\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2283" + }, + { + "name": "20010123 [SAFER] Security Bulletin 010123.EXP.1.10", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0360.html" + }, + { + "name": "3321", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3321" + }, + { + "name": "lotus-domino-smtp-bo(5993)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5993" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0393.json b/2001/0xxx/CVE-2001-0393.json index 2ebe3ceb03b..d87260dd232 100644 --- a/2001/0xxx/CVE-2001-0393.json +++ b/2001/0xxx/CVE-2001-0393.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010404 Re: def-2001-17: Navision Financials Server DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98637870623514&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010404 Re: def-2001-17: Navision Financials Server DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98637870623514&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0399.json b/2001/0xxx/CVE-2001-0399.json index 7674298acf6..78f246bfc16 100644 --- a/2001/0xxx/CVE-2001-0399.json +++ b/2001/0xxx/CVE-2001-0399.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010403 CHINANSL Security Advisory(CSA-200111)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98633597813833&w=2" - }, - { - "name" : "2533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2533" + }, + { + "name": "20010403 CHINANSL Security Advisory(CSA-200111)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98633597813833&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0492.json b/2001/0xxx/CVE-2001-0492.json index 1792c4106d0..e424d795e9b 100644 --- a/2001/0xxx/CVE-2001-0492.json +++ b/2001/0xxx/CVE-2001-0492.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netcruiser Web server version 0.1.2.8 and earlier allows remote attackers to determine the physical path of the server via a URL containing (1) con, (2) com2, or (3) com3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010424 Advisory for Netcruiser", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0427.html" - }, - { - "name" : "2650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2650" - }, - { - "name" : "netcruiser-server-path-disclosure(6468)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netcruiser Web server version 0.1.2.8 and earlier allows remote attackers to determine the physical path of the server via a URL containing (1) con, (2) com2, or (3) com3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2650" + }, + { + "name": "20010424 Advisory for Netcruiser", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0427.html" + }, + { + "name": "netcruiser-server-path-disclosure(6468)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6468" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0505.json b/2001/0xxx/CVE-2001-0505.json index 6d1c1457a02..2191d6c47fa 100644 --- a/2001/0xxx/CVE-2001-0505.json +++ b/2001/0xxx/CVE-2001-0505.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-039" - }, - { - "name" : "VU#581603", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/581603" - }, - { - "name" : "VU#994851", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/994851" - }, - { - "name" : "3089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3089" - }, - { - "name" : "sfu-nfs-dos(6882)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6882" - }, - { - "name" : "sfu-telnet-dos(6883)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sfu-nfs-dos(6882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6882" + }, + { + "name": "VU#994851", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/994851" + }, + { + "name": "VU#581603", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/581603" + }, + { + "name": "sfu-telnet-dos(6883)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6883" + }, + { + "name": "MS01-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-039" + }, + { + "name": "3089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3089" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0592.json b/2001/0xxx/CVE-2001-0592.json index b62e42abd93..10cd54041c8 100644 --- a/2001/0xxx/CVE-2001-0592.json +++ b/2001/0xxx/CVE-2001-0592.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (>10,000) of malformed ICMP or TCP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010405 def-2001-18: Watchguard Firebox II Kernel DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0054.html" - }, - { - "name" : "firebox-kernel-dos(6327)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (>10,000) of malformed ICMP or TCP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010405 def-2001-18: Watchguard Firebox II Kernel DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0054.html" + }, + { + "name": "firebox-kernel-dos(6327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6327" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0648.json b/2001/0xxx/CVE-2001-0648.json index 0b38d14adff..7d0583bafe0 100644 --- a/2001/0xxx/CVE-2001-0648.json +++ b/2001/0xxx/CVE-2001-0648.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010508 security hole in os groupware suite PHProjekt", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/184215" - }, - { - "name" : "2702", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2702" - }, - { - "name" : "phprojekt-dot-directory-traversal(6522)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010508 security hole in os groupware suite PHProjekt", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/184215" + }, + { + "name": "phprojekt-dot-directory-traversal(6522)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6522" + }, + { + "name": "2702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2702" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1571.json b/2001/1xxx/CVE-2001-1571.json index ff9b34c8fb3..b0402f04f44 100644 --- a/2001/1xxx/CVE-2001-1571.json +++ b/2001/1xxx/CVE-2001-1571.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011220 Windows XP security concerns", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-12/0213.html" - }, - { - "name" : "3720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3720" - }, - { - "name" : "winxp-remote-desktop-username(7732)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7732.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "winxp-remote-desktop-username(7732)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7732.php" + }, + { + "name": "3720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3720" + }, + { + "name": "20011220 Windows XP security concerns", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0213.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2531.json b/2006/2xxx/CVE-2006-2531.json index c4c9413f3ae..954e27abd5a 100644 --- a/2006/2xxx/CVE-2006-2531.json +++ b/2006/2xxx/CVE-2006-2531.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to \"Ipswitch/1.0\" and the User-Application header to \"NmConsole\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060517 What's Up Professional Spoofing Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434247/100/0/threaded" - }, - { - "name" : "20060517 Re: [Full-disclosure] What's Up Professional Spoofing Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434447/100/0/threaded" - }, - { - "name" : "http://www.ftusecurity.com/pub/whatsup.public.pdf", - "refsource" : "MISC", - "url" : "http://www.ftusecurity.com/pub/whatsup.public.pdf" - }, - { - "name" : "18019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18019" - }, - { - "name" : "ADV-2006-1849", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1849" - }, - { - "name" : "whatsup-http-auth-bypass(26529)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to \"Ipswitch/1.0\" and the User-Application header to \"NmConsole\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060517 What's Up Professional Spoofing Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434247/100/0/threaded" + }, + { + "name": "20060517 Re: [Full-disclosure] What's Up Professional Spoofing Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434447/100/0/threaded" + }, + { + "name": "ADV-2006-1849", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1849" + }, + { + "name": "http://www.ftusecurity.com/pub/whatsup.public.pdf", + "refsource": "MISC", + "url": "http://www.ftusecurity.com/pub/whatsup.public.pdf" + }, + { + "name": "18019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18019" + }, + { + "name": "whatsup-http-auth-bypass(26529)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26529" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2540.json b/2006/2xxx/CVE-2006-2540.json index c158bb4fd90..f3f64f2f878 100644 --- a/2006/2xxx/CVE-2006-2540.json +++ b/2006/2xxx/CVE-2006-2540.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060517 [Info Disclosure] Diesel PHP Job Site Latest Version", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434369/100/0/threaded" - }, - { - "name" : "20060530 Re: [Info Disclosure] Diesel PHP Job Site Latest Version", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435382/100/0/threaded" - }, - { - "name" : "20060531 Re: [Info Disclosure] Diesel PHP Job Site Latest Version", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435408/100/0/threaded" - }, - { - "name" : "20142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060517 [Info Disclosure] Diesel PHP Job Site Latest Version", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434369/100/0/threaded" + }, + { + "name": "20060531 Re: [Info Disclosure] Diesel PHP Job Site Latest Version", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435408/100/0/threaded" + }, + { + "name": "20060530 Re: [Info Disclosure] Diesel PHP Job Site Latest Version", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435382/100/0/threaded" + }, + { + "name": "20142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20142" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1673.json b/2008/1xxx/CVE-2008-1673.json index f967689bbda..d4cd9859c9d 100644 --- a/2008/1xxx/CVE-2008-1673.json +++ b/2008/1xxx/CVE-2008-1673.json @@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-1673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 rPSA-2008-0189-1 kernel xen", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493300/100/0/threaded" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ddb2c43594f22843e9f3153da151deaba1a834c5", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ddb2c43594f22843e9f3153da151deaba1a834c5" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=443962", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=443962" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189" - }, - { - "name" : "DSA-1592", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1592" - }, - { - "name" : "FEDORA-2008-5308", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00587.html" - }, - { - "name" : "MDVSA-2008:113", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:113" - }, - { - "name" : "MDVSA-2008:174", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174" - }, - { - "name" : "SUSE-SA:2008:035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html" - }, - { - "name" : "SUSE-SA:2008:038", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html" - }, - { - "name" : "SUSE-SA:2008:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2008:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" - }, - { - "name" : "SUSE-SA:2008:047", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html" - }, - { - "name" : "SUSE-SA:2008:049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html" - }, - { - "name" : "SUSE-SA:2008:052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html" - }, - { - "name" : "USN-625-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-625-1" - }, - { - "name" : "29589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29589" - }, - { - "name" : "32370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32370" - }, - { - "name" : "30982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30982" - }, - { - "name" : "ADV-2008-1770", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1770" - }, - { - "name" : "1020210", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020210" - }, - { - "name" : "30580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30580" - }, - { - "name" : "30000", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30000" - }, - { - "name" : "30644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30644" - }, - { - "name" : "30658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30658" - }, - { - "name" : "31107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31107" - }, - { - "name" : "31836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31836" - }, - { - "name" : "32759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32759" - }, - { - "name" : "32103", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32103" - }, - { - "name" : "32104", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32104" - }, - { - "name" : "linux-kernel-ber-decoder-bo(42921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2008:047", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html" + }, + { + "name": "30000", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30000" + }, + { + "name": "30658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30658" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189" + }, + { + "name": "SUSE-SA:2008:038", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html" + }, + { + "name": "29589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29589" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ddb2c43594f22843e9f3153da151deaba1a834c5", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ddb2c43594f22843e9f3153da151deaba1a834c5" + }, + { + "name": "SUSE-SA:2008:035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html" + }, + { + "name": "SUSE-SA:2008:052", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html" + }, + { + "name": "FEDORA-2008-5308", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00587.html" + }, + { + "name": "32104", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32104" + }, + { + "name": "30982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30982" + }, + { + "name": "30580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30580" + }, + { + "name": "20080611 rPSA-2008-0189-1 kernel xen", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493300/100/0/threaded" + }, + { + "name": "linux-kernel-ber-decoder-bo(42921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42921" + }, + { + "name": "30644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30644" + }, + { + "name": "SUSE-SA:2008:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html" + }, + { + "name": "32103", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32103" + }, + { + "name": "MDVSA-2008:113", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:113" + }, + { + "name": "1020210", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020210" + }, + { + "name": "MDVSA-2008:174", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174" + }, + { + "name": "32759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32759" + }, + { + "name": "ADV-2008-1770", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1770" + }, + { + "name": "31107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31107" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5" + }, + { + "name": "32370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32370" + }, + { + "name": "31836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31836" + }, + { + "name": "USN-625-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-625-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=443962", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443962" + }, + { + "name": "DSA-1592", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1592" + }, + { + "name": "SUSE-SA:2008:049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html" + }, + { + "name": "SUSE-SR:2008:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5279.json b/2008/5xxx/CVE-2008-5279.json index dbd8dc04f1d..29994419c75 100644 --- a/2008/5xxx/CVE-2008-5279.json +++ b/2008/5xxx/CVE-2008-5279.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/zilabzcsx-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/zilabzcsx-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/zilabzcsx.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/zilabzcsx.zip" - }, - { - "name" : "27940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27940" - }, - { - "name" : "ADV-2008-0664", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0664" - }, - { - "name" : "29062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27940" + }, + { + "name": "http://aluigi.org/poc/zilabzcsx.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/zilabzcsx.zip" + }, + { + "name": "29062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29062" + }, + { + "name": "ADV-2008-0664", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0664" + }, + { + "name": "http://aluigi.altervista.org/adv/zilabzcsx-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/zilabzcsx-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5358.json b/2008/5xxx/CVE-2008-5358.json index a2349215162..decb9a3aabc 100644 --- a/2008/5xxx/CVE-2008-5358.json +++ b/2008/5xxx/CVE-2008-5358.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081204 Sun Java Web Start GIF Decoding Memory Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" - }, - { - "name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", - "refsource" : "CONFIRM", - "url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBUX02411", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2" - }, - { - "name" : "SSRT080111", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2" - }, - { - "name" : "HPSBMA02486", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2" - }, - { - "name" : "SSRT090049", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2" - }, - { - "name" : "RHSA-2008:1018", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-1018.html" - }, - { - "name" : "RHSA-2009:0369", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0369.html" - }, - { - "name" : "244987", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1" - }, - { - "name" : "SUSE-SR:2009:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html" - }, - { - "name" : "TA08-340A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" - }, - { - "name" : "32608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32608" - }, - { - "name" : "50515", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50515" - }, - { - "name" : "oval:org.mitre.oval:def:6319", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6319" - }, - { - "name" : "34233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34233" - }, - { - "name" : "34259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34259" - }, - { - "name" : "34447", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34447" - }, - { - "name" : "34605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34605" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "38539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38539" - }, - { - "name" : "ADV-2008-3339", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3339" - }, - { - "name" : "32991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32991" - }, - { - "name" : "33015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33015" - }, - { - "name" : "33709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33709" - }, - { - "name" : "33187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33187" - }, - { - "name" : "ADV-2009-0672", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0672" - }, - { - "name" : "jre-gif-images-privilege-escalation(47049)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "244987", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1" + }, + { + "name": "SSRT090049", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2" + }, + { + "name": "SUSE-SA:2009:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html" + }, + { + "name": "34259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34259" + }, + { + "name": "ADV-2009-0672", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0672" + }, + { + "name": "34447", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34447" + }, + { + "name": "RHSA-2008:1018", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-1018.html" + }, + { + "name": "33015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33015" + }, + { + "name": "34233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34233" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", + "refsource": "CONFIRM", + "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" + }, + { + "name": "RHSA-2009:0369", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0369.html" + }, + { + "name": "SSRT080111", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2" + }, + { + "name": "38539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38539" + }, + { + "name": "jre-gif-images-privilege-escalation(47049)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47049" + }, + { + "name": "SUSE-SR:2009:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" + }, + { + "name": "HPSBMA02486", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2" + }, + { + "name": "ADV-2008-3339", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3339" + }, + { + "name": "HPSBUX02411", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2" + }, + { + "name": "20081204 Sun Java Web Start GIF Decoding Memory Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758" + }, + { + "name": "TA08-340A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" + }, + { + "name": "33709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33709" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" + }, + { + "name": "34605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34605" + }, + { + "name": "oval:org.mitre.oval:def:6319", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6319" + }, + { + "name": "33187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33187" + }, + { + "name": "32991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32991" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm" + }, + { + "name": "32608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32608" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "50515", + "refsource": "OSVDB", + "url": "http://osvdb.org/50515" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5723.json b/2008/5xxx/CVE-2008-5723.json index 4c21110a5f4..38abe04bde1 100644 --- a/2008/5xxx/CVE-2008-5723.json +++ b/2008/5xxx/CVE-2008-5723.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i) before 1.03 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081113221811", - "refsource" : "CONFIRM", - "url" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081113221811" - }, - { - "name" : "JVN#86833991", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN86833991/index.html" - }, - { - "name" : "JVNDB-2008-000078", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000078.html" - }, - { - "name" : "32485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32485" - }, - { - "name" : "minibbs2000-unspecified-directory-traversal(46972)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i) before 1.03 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081113221811", + "refsource": "CONFIRM", + "url": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081113221811" + }, + { + "name": "32485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32485" + }, + { + "name": "JVNDB-2008-000078", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000078.html" + }, + { + "name": "JVN#86833991", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN86833991/index.html" + }, + { + "name": "minibbs2000-unspecified-directory-traversal(46972)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46972" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5755.json b/2008/5xxx/CVE-2008-5755.json index e0f77c2c130..5d1a96f3c1e 100644 --- a/2008/5xxx/CVE-2008-5755.json +++ b/2008/5xxx/CVE-2008-5755.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7582", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7582" - }, - { - "name" : "33022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33022" - }, - { - "name" : "4839", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4839" - }, - { - "name" : "intellitamper-map-file-bo(47741)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7582", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7582" + }, + { + "name": "intellitamper-map-file-bo(47741)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47741" + }, + { + "name": "33022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33022" + }, + { + "name": "4839", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4839" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2001.json b/2011/2xxx/CVE-2011-2001.json index 14b73fe8c99..86fe495a270 100644 --- a/2011/2xxx/CVE-2011-2001.json +++ b/2011/2xxx/CVE-2011-2001.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka \"Virtual Function Table Corruption Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-2001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-081", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081" - }, - { - "name" : "49966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49966" - }, - { - "name" : "oval:org.mitre.oval:def:12223", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka \"Virtual Function Table Corruption Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-081", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081" + }, + { + "name": "oval:org.mitre.oval:def:12223", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12223" + }, + { + "name": "49966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49966" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2090.json b/2011/2xxx/CVE-2011-2090.json index dc826fd921d..2ec9c245915 100644 --- a/2011/2xxx/CVE-2011-2090.json +++ b/2011/2xxx/CVE-2011-2090.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2090", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2090", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2222.json b/2011/2xxx/CVE-2011-2222.json index 5a05b53bad2..62e639efa61 100644 --- a/2011/2xxx/CVE-2011-2222.json +++ b/2011/2xxx/CVE-2011-2222.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7009054", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7009054" - }, - { - "name" : "49069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49069" - }, - { - "name" : "45527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45527" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7009054", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7009054" + }, + { + "name": "49069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49069" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2653.json b/2011/2xxx/CVE-2011-2653.json index 6462fd492fa..5806260cb42 100644 --- a/2011/2xxx/CVE-2011-2653.json +++ b/2011/2xxx/CVE-2011-2653.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-342/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-342/" - }, - { - "name" : "http://download.novell.com/Download?buildid=hPvHtXeNmCU~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=hPvHtXeNmCU~" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.novell.com/Download?buildid=hPvHtXeNmCU~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=hPvHtXeNmCU~" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-342/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-342/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2820.json b/2011/2xxx/CVE-2011-2820.json index 9644f2561e9..861924d634e 100644 --- a/2011/2xxx/CVE-2011-2820.json +++ b/2011/2xxx/CVE-2011-2820.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "50066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50066" - }, - { - "name" : "oval:org.mitre.oval:def:17211", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17211", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17211" + }, + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "50066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50066" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3743.json b/2011/3xxx/CVE-2011-3743.json index 41ef46f0ddd..2b55395d0de 100644 --- a/2011/3xxx/CVE-2011-3743.json +++ b/2011/3xxx/CVE-2011-3743.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/hesk-2.2", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/hesk-2.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/hesk-2.2", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/hesk-2.2" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0106.json b/2013/0xxx/CVE-2013-0106.json index d832c706813..7cf0d00b785 100644 --- a/2013/0xxx/CVE-2013-0106.json +++ b/2013/0xxx/CVE-2013-0106.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0106", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0106", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0315.json b/2013/0xxx/CVE-2013-0315.json index f6c72e40000..66ed1c88626 100644 --- a/2013/0xxx/CVE-2013-0315.json +++ b/2013/0xxx/CVE-2013-0315.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=913340", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=913340" - }, - { - "name" : "RHSA-2013:0613", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0613.html" - }, - { - "name" : "91121", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/91121" - }, - { - "name" : "52552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91121", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/91121" + }, + { + "name": "52552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52552" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=913340", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913340" + }, + { + "name": "RHSA-2013:0613", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0613.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0326.json b/2013/0xxx/CVE-2013-0326.json index 6c4dfe653c8..928ba9cac1c 100644 --- a/2013/0xxx/CVE-2013-0326.json +++ b/2013/0xxx/CVE-2013-0326.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0326", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0326", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0781.json b/2013/0xxx/CVE-2013-0781.json index 54ab2ad47ce..b4d3dcb4de4 100644 --- a/2013/0xxx/CVE-2013-0781.json +++ b/2013/0xxx/CVE-2013-0781.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=821991", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=821991" - }, - { - "name" : "openSUSE-SU-2013:0323", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" - }, - { - "name" : "openSUSE-SU-2013:0324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" - }, - { - "name" : "USN-1729-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1729-1" - }, - { - "name" : "USN-1729-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1729-2" - }, - { - "name" : "USN-1748-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1748-1" - }, - { - "name" : "oval:org.mitre.oval:def:16934", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1729-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1729-1" + }, + { + "name": "USN-1729-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1729-2" + }, + { + "name": "USN-1748-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1748-1" + }, + { + "name": "openSUSE-SU-2013:0324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" + }, + { + "name": "openSUSE-SU-2013:0323", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" + }, + { + "name": "oval:org.mitre.oval:def:16934", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16934" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=821991", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=821991" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1071.json b/2013/1xxx/CVE-2013-1071.json index 86464e05bd6..76d439785f1 100644 --- a/2013/1xxx/CVE-2013-1071.json +++ b/2013/1xxx/CVE-2013-1071.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1071", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-1071", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1097.json b/2013/1xxx/CVE-2013-1097.json index 009d3e751c5..c1a8c54bdbe 100644 --- a/2013/1xxx/CVE-2013-1097.json +++ b/2013/1xxx/CVE-2013-1097.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012025", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012025" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012502", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012502" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012027", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012027", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012027" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012025", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012025" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012502", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012502" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1841.json b/2013/1xxx/CVE-2013-1841.json index 28ec3276824..6688e00b5f8 100644 --- a/2013/1xxx/CVE-2013-1841.json +++ b/2013/1xxx/CVE-2013-1841.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130304 Reverse lookup issue in Net::Server", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/04/10" - }, - { - "name" : "[oss-security] 20130311 Re: Reverse lookup issue in Net::Server", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/12/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=920683", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=920683" - }, - { - "name" : "58309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58309" - }, - { - "name" : "netserver-cve20131841-security-bypass(82900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=920683", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=920683" + }, + { + "name": "58309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58309" + }, + { + "name": "[oss-security] 20130304 Reverse lookup issue in Net::Server", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/04/10" + }, + { + "name": "[oss-security] 20130311 Re: Reverse lookup issue in Net::Server", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/12/2" + }, + { + "name": "netserver-cve20131841-security-bypass(82900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82900" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4085.json b/2013/4xxx/CVE-2013-4085.json index 3ef46bf8b85..1d16a3e4ab6 100644 --- a/2013/4xxx/CVE-2013-4085.json +++ b/2013/4xxx/CVE-2013-4085.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4085", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4085", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4723.json b/2013/4xxx/CVE-2013-4723.json index b6ceefd3b9d..a616a450e7f 100644 --- a/2013/4xxx/CVE-2013-4723.json +++ b/2013/4xxx/CVE-2013-4723.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html" - }, - { - "name" : "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt", - "refsource" : "MISC", - "url" : "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt" - }, - { - "name" : "96662", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt", + "refsource": "MISC", + "url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt" + }, + { + "name": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html" + }, + { + "name": "96662", + "refsource": "OSVDB", + "url": "http://osvdb.org/96662" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4805.json b/2013/4xxx/CVE-2013-4805.json index 91a8ce66788..1a3827329f1 100644 --- a/2013/4xxx/CVE-2013-4805.json +++ b/2013/4xxx/CVE-2013-4805.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02902", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348" - }, - { - "name" : "SSRT101250", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348" - }, - { - "name" : "61556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61556" + }, + { + "name": "HPSBMU02902", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348" + }, + { + "name": "SSRT101250", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03844348" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5886.json b/2013/5xxx/CVE-2013-5886.json index b0410225d62..9987b11d6d5 100644 --- a/2013/5xxx/CVE-2013-5886.json +++ b/2013/5xxx/CVE-2013-5886.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Common Application Objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64858" - }, - { - "name" : "102036", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102036" - }, - { - "name" : "1029623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029623" - }, - { - "name" : "56477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Common Application Objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102036", + "refsource": "OSVDB", + "url": "http://osvdb.org/102036" + }, + { + "name": "64858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64858" + }, + { + "name": "56477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56477" + }, + { + "name": "1029623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029623" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000157.json b/2017/1000xxx/CVE-2017-1000157.json index 19c4fd69857..b78e2f8911c 100644 --- a/2017/1000xxx/CVE-2017-1000157.json +++ b/2017/1000xxx/CVE-2017-1000157.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.369977", - "ID" : "CVE-2017-1000157", - "REQUESTER" : "info@mahara.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mahara", - "version" : { - "version_data" : [ - { - "version_value" : "<17.04.2, <16.10.4, <16.04.7, <15.04.13" - } - ] - } - } - ] - }, - "vendor_name" : "Mahara Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Password security" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.369977", + "ID": "CVE-2017-1000157", + "REQUESTER": "info@mahara.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1692749", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/mahara/+bug/1692749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mahara/+bug/1692749", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/mahara/+bug/1692749" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000159.json b/2017/1000xxx/CVE-2017-1000159.json index 0af3e4e94f0..837d08c781a 100644 --- a/2017/1000xxx/CVE-2017-1000159.json +++ b/2017/1000xxx/CVE-2017-1000159.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.371820", - "ID" : "CVE-2017-1000159", - "REQUESTER" : "hanno@hboeck.de", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "evince", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than 3.25.91" - } - ] - } - } - ] - }, - "vendor_name" : "GNOME" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Script injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.371820", + "ID": "CVE-2017-1000159", + "REQUESTER": "hanno@hboeck.de", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171211 [SECURITY] [DLA 1204-1] evince security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=784947", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=784947" - }, - { - "name" : "GLSA-201804-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-15" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201804-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-15" + }, + { + "name": "[debian-lts-announce] 20171211 [SECURITY] [DLA 1204-1] evince security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=784947", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784947" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000424.json b/2017/1000xxx/CVE-2017-1000424.json index 6b87059df49..4c98b686729 100644 --- a/2017/1000xxx/CVE-2017-1000424.json +++ b/2017/1000xxx/CVE-2017-1000424.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000424", - "REQUESTER" : "qazbnm456@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Electron", - "version" : { - "version_data" : [ - { - "version_value" : "1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5" - } - ] - } - } - ] - }, - "vendor_name" : "Github Electron Team" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "URL Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000424", + "REQUESTER": "qazbnm456@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/electron/electron/pull/10008", - "refsource" : "CONFIRM", - "url" : "https://github.com/electron/electron/pull/10008" - }, - { - "name" : "https://github.com/electron/electron/pull/10008/files", - "refsource" : "CONFIRM", - "url" : "https://github.com/electron/electron/pull/10008/files" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/electron/electron/pull/10008", + "refsource": "CONFIRM", + "url": "https://github.com/electron/electron/pull/10008" + }, + { + "name": "https://github.com/electron/electron/pull/10008/files", + "refsource": "CONFIRM", + "url": "https://github.com/electron/electron/pull/10008/files" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12052.json b/2017/12xxx/CVE-2017-12052.json index 63461bb4a4a..e64d663a7ca 100644 --- a/2017/12xxx/CVE-2017-12052.json +++ b/2017/12xxx/CVE-2017-12052.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12107.json b/2017/12xxx/CVE-2017-12107.json index c915db2b9b3..9ae72d64c70 100644 --- a/2017/12xxx/CVE-2017-12107.json +++ b/2017/12xxx/CVE-2017-12107.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-30T00:00:00", - "ID" : "CVE-2017-12107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Photoline", - "version" : { - "version_data" : [ - { - "version_value" : "20.02" - } - ] - } - } - ] - }, - "vendor_name" : "Computerinsel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "parsing code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-30T00:00:00", + "ID": "CVE-2017-12107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photoline", + "version": { + "version_data": [ + { + "version_value": "20.02" + } + ] + } + } + ] + }, + "vendor_name": "Computerinsel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0459", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "parsing code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0459", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0459" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12393.json b/2017/12xxx/CVE-2017-12393.json index 00d0af06b51..4f2c57c0b9e 100644 --- a/2017/12xxx/CVE-2017-12393.json +++ b/2017/12xxx/CVE-2017-12393.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12393", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12393", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12966.json b/2017/12xxx/CVE-2017-12966.json index d449e5fe9da..c9f87be162f 100644 --- a/2017/12xxx/CVE-2017-12966.json +++ b/2017/12xxx/CVE-2017-12966.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drive.google.com/open?id=0B9DojFnTUSNGd05zSHI1RmpKQjQ", - "refsource" : "MISC", - "url" : "https://drive.google.com/open?id=0B9DojFnTUSNGd05zSHI1RmpKQjQ" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drive.google.com/open?id=0B9DojFnTUSNGd05zSHI1RmpKQjQ", + "refsource": "MISC", + "url": "https://drive.google.com/open?id=0B9DojFnTUSNGd05zSHI1RmpKQjQ" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13448.json b/2017/13xxx/CVE-2017-13448.json index 5af3f360496..5c2fbb38df8 100644 --- a/2017/13xxx/CVE-2017-13448.json +++ b/2017/13xxx/CVE-2017-13448.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13448", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13448", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13495.json b/2017/13xxx/CVE-2017-13495.json index 70d0868c2f2..aef75edff33 100644 --- a/2017/13xxx/CVE-2017-13495.json +++ b/2017/13xxx/CVE-2017-13495.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13495", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13495", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13814.json b/2017/13xxx/CVE-2017-13814.json index caa1e07c832..2c38d911021 100644 --- a/2017/13xxx/CVE-2017-13814.json +++ b/2017/13xxx/CVE-2017-13814.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "1039710", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "1039710", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039710" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13941.json b/2017/13xxx/CVE-2017-13941.json index ef816d15218..bb223500a19 100644 --- a/2017/13xxx/CVE-2017-13941.json +++ b/2017/13xxx/CVE-2017-13941.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13941", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13941", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16592.json b/2017/16xxx/CVE-2017-16592.json index f4b50da8511..b21c5b1740d 100644 --- a/2017/16xxx/CVE-2017-16592.json +++ b/2017/16xxx/CVE-2017-16592.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetGain Systems Enterprise Manager", - "version" : { - "version_data" : [ - { - "version_value" : "7.2.730 build 1034" - } - ] - } - } - ] - }, - "vendor_name" : "NetGain Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the common.download_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetGain Systems Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "7.2.730 build 1034" + } + ] + } + } + ] + }, + "vendor_name": "NetGain Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-957", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the common.download_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-957", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-957" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16671.json b/2017/16xxx/CVE-2017-16671.json index f06db1094ba..fd3235bbc6f 100644 --- a/2017/16xxx/CVE-2017-16671.json +++ b/2017/16xxx/CVE-2017-16671.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.digium.com/pub/security/AST-2017-010.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2017-010.html" - }, - { - "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-27337", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-27337" - }, - { - "name" : "DSA-4076", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4076" - }, - { - "name" : "GLSA-201811-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-11" - }, - { - "name" : "101760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101760" + }, + { + "name": "http://downloads.digium.com/pub/security/AST-2017-010.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2017-010.html" + }, + { + "name": "GLSA-201811-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-11" + }, + { + "name": "DSA-4076", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4076" + }, + { + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27337", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27337" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16724.json b/2017/16xxx/CVE-2017-16724.json index 7d323ba3a63..681c3a9d94d 100644 --- a/2017/16xxx/CVE-2017-16724.json +++ b/2017/16xxx/CVE-2017-16724.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-16724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "Advantech WebAccess" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-16724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess", + "version": { + "version_data": [ + { + "version_value": "Advantech WebAccess" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" - }, - { - "name" : "102424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102424" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16809.json b/2017/16xxx/CVE-2017-16809.json index 2dd48997d4b..b43985b0fa6 100644 --- a/2017/16xxx/CVE-2017-16809.json +++ b/2017/16xxx/CVE-2017-16809.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16809", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16809", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4004.json b/2017/4xxx/CVE-2017-4004.json index 247430f238e..2f589cf8d03 100644 --- a/2017/4xxx/CVE-2017-4004.json +++ b/2017/4xxx/CVE-2017-4004.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4004", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4004", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4263.json b/2017/4xxx/CVE-2017-4263.json index 9403cd2c4ac..75cf485725f 100644 --- a/2017/4xxx/CVE-2017-4263.json +++ b/2017/4xxx/CVE-2017-4263.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4263", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4263", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4485.json b/2017/4xxx/CVE-2017-4485.json index 9553f0a5816..7bff0516a1f 100644 --- a/2017/4xxx/CVE-2017-4485.json +++ b/2017/4xxx/CVE-2017-4485.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4485", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4485", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4673.json b/2017/4xxx/CVE-2017-4673.json index ed75fce48bd..017e588f1bb 100644 --- a/2017/4xxx/CVE-2017-4673.json +++ b/2017/4xxx/CVE-2017-4673.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4673", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4673", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4952.json b/2017/4xxx/CVE-2017-4952.json index 5097280250c..02929e5ce04 100644 --- a/2017/4xxx/CVE-2017-4952.json +++ b/2017/4xxx/CVE-2017-4952.json @@ -1,113 +1,113 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2018-02-13T00:00:00", - "ID" : "CVE-2017-4952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VMware Xenon", - "version" : { - "version_data" : [ - { - "version_value" : "1.x prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8." - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication bypass vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2018-02-13T00:00:00", + "ID": "CVE-2017-4952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VMware Xenon", + "version": { + "version_data": [ + { + "version_value": "1.x prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8." + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180213 Authentication Bypass Vulnerability in VMware Xenon (CVE-2017-4952)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2018/q1/153" - }, - { - "name" : "https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1", - "refsource" : "CONFIRM", - "url" : "https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1" - }, - { - "name" : "https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592", - "refsource" : "CONFIRM", - "url" : "https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592" - }, - { - "name" : "https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8", - "refsource" : "CONFIRM", - "url" : "https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8" - }, - { - "name" : "https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713", - "refsource" : "CONFIRM", - "url" : "https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713" - }, - { - "name" : "https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c", - "refsource" : "CONFIRM", - "url" : "https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c" - }, - { - "name" : "https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75", - "refsource" : "CONFIRM", - "url" : "https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75" - }, - { - "name" : "https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977", - "refsource" : "CONFIRM", - "url" : "https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977" - }, - { - "name" : "https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3", - "refsource" : "CONFIRM", - "url" : "https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3" - }, - { - "name" : "https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a", - "refsource" : "CONFIRM", - "url" : "https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a" - }, - { - "name" : "103093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a", + "refsource": "CONFIRM", + "url": "https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a" + }, + { + "name": "https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8", + "refsource": "CONFIRM", + "url": "https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8" + }, + { + "name": "103093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103093" + }, + { + "name": "https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c", + "refsource": "CONFIRM", + "url": "https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c" + }, + { + "name": "[oss-security] 20180213 Authentication Bypass Vulnerability in VMware Xenon (CVE-2017-4952)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2018/q1/153" + }, + { + "name": "https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713", + "refsource": "CONFIRM", + "url": "https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713" + }, + { + "name": "https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3", + "refsource": "CONFIRM", + "url": "https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3" + }, + { + "name": "https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1", + "refsource": "CONFIRM", + "url": "https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1" + }, + { + "name": "https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977", + "refsource": "CONFIRM", + "url": "https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977" + }, + { + "name": "https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75", + "refsource": "CONFIRM", + "url": "https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75" + }, + { + "name": "https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592", + "refsource": "CONFIRM", + "url": "https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18046.json b/2018/18xxx/CVE-2018-18046.json index 68b33858635..b0d7c0b2246 100644 --- a/2018/18xxx/CVE-2018-18046.json +++ b/2018/18xxx/CVE-2018-18046.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18046", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18046", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18262.json b/2018/18xxx/CVE-2018-18262.json index 3e95caeb26e..4dc84ca0f98 100644 --- a/2018/18xxx/CVE-2018-18262.json +++ b/2018/18xxx/CVE-2018-18262.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zoho ManageEngine OpManager 12.3 before build 123214 has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181016 Vulnerability Disclose", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Oct/34" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho ManageEngine OpManager 12.3 before build 123214 has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181016 Vulnerability Disclose", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Oct/34" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18618.json b/2018/18xxx/CVE-2018-18618.json index c1b8ea34353..715db39068b 100644 --- a/2018/18xxx/CVE-2018-18618.json +++ b/2018/18xxx/CVE-2018-18618.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18618", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18618", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18846.json b/2018/18xxx/CVE-2018-18846.json index f0f962d71d7..b5a6573ed15 100644 --- a/2018/18xxx/CVE-2018-18846.json +++ b/2018/18xxx/CVE-2018-18846.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18846", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18846", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5106.json b/2018/5xxx/CVE-2018-5106.json index e30c6d76bc5..379c387e660 100644 --- a/2018/5xxx/CVE-2018-5106.json +++ b/2018/5xxx/CVE-2018-5106.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "58" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Developer Tools can expose style editor information cross-origin through service worker" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "58" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1408708", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1408708" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/" - }, - { - "name" : "USN-3544-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3544-1/" - }, - { - "name" : "102786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102786" - }, - { - "name" : "1040270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Developer Tools can expose style editor information cross-origin through service worker" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040270" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408708", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408708" + }, + { + "name": "USN-3544-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3544-1/" + }, + { + "name": "102786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102786" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5261.json b/2018/5xxx/CVE-2018-5261.json index a3b98f96ac9..e2875e917e1 100644 --- a/2018/5xxx/CVE-2018-5261.json +++ b/2018/5xxx/CVE-2018-5261.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bitsadmin/exploits/tree/master/CVE-2018-5261", - "refsource" : "MISC", - "url" : "https://github.com/bitsadmin/exploits/tree/master/CVE-2018-5261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bitsadmin/exploits/tree/master/CVE-2018-5261", + "refsource": "MISC", + "url": "https://github.com/bitsadmin/exploits/tree/master/CVE-2018-5261" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5440.json b/2018/5xxx/CVE-2018-5440.json index 2dec5c9cfbc..f7d0d21907c 100644 --- a/2018/5xxx/CVE-2018-5440.json +++ b/2018/5xxx/CVE-2018-5440.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-5440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "3S-Smart Software Solutions GmbH CODESYS Web Server", - "version" : { - "version_data" : [ - { - "version_value" : "3S-Smart Software Solutions GmbH CODESYS Web Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-5440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "3S-Smart Software Solutions GmbH CODESYS Web Server", + "version": { + "version_data": [ + { + "version_value": "3S-Smart Software Solutions GmbH CODESYS Web Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02" - }, - { - "name" : "102909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102909" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5721.json b/2018/5xxx/CVE-2018-5721.json index ad359a755e5..07d09c1fd2b 100644 --- a/2018/5xxx/CVE-2018-5721.json +++ b/2018/5xxx/CVE-2018-5721.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a \"_wan_if\" substring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.w0lfzhang.com/2018/01/17/ASUS-router-stack-overflow-in-http-server/", - "refsource" : "MISC", - "url" : "http://www.w0lfzhang.com/2018/01/17/ASUS-router-stack-overflow-in-http-server/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a \"_wan_if\" substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.w0lfzhang.com/2018/01/17/ASUS-router-stack-overflow-in-http-server/", + "refsource": "MISC", + "url": "http://www.w0lfzhang.com/2018/01/17/ASUS-router-stack-overflow-in-http-server/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5926.json b/2018/5xxx/CVE-2018-5926.json index 6f99ba6adad..40c86e8f92a 100644 --- a/2018/5xxx/CVE-2018-5926.json +++ b/2018/5xxx/CVE-2018-5926.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5926", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5926", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5932.json b/2018/5xxx/CVE-2018-5932.json index 11d9ef22996..fa6f7d1aca9 100644 --- a/2018/5xxx/CVE-2018-5932.json +++ b/2018/5xxx/CVE-2018-5932.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5932", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5932", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file