From 77d4239c0fecc1534afa5ad79c722e4378a685ab Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:43:52 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0420.json | 130 ++++----- 2001/1xxx/CVE-2001-1246.json | 180 ++++++------ 2001/1xxx/CVE-2001-1393.json | 210 ++++++------- 2001/1xxx/CVE-2001-1411.json | 150 +++++----- 2006/2xxx/CVE-2006-2992.json | 170 +++++------ 2008/1xxx/CVE-2008-1605.json | 160 +++++----- 2008/5xxx/CVE-2008-5292.json | 170 +++++------ 2008/5xxx/CVE-2008-5360.json | 520 ++++++++++++++++----------------- 2008/5xxx/CVE-2008-5521.json | 150 +++++----- 2011/2xxx/CVE-2011-2058.json | 120 ++++---- 2011/2xxx/CVE-2011-2706.json | 34 +-- 2011/2xxx/CVE-2011-2929.json | 230 +++++++-------- 2011/3xxx/CVE-2011-3246.json | 220 +++++++------- 2011/3xxx/CVE-2011-3601.json | 140 ++++----- 2013/0xxx/CVE-2013-0584.json | 130 ++++----- 2013/0xxx/CVE-2013-0847.json | 130 ++++----- 2013/0xxx/CVE-2013-0895.json | 140 ++++----- 2013/0xxx/CVE-2013-0917.json | 140 ++++----- 2013/1xxx/CVE-2013-1040.json | 180 ++++++------ 2013/1xxx/CVE-2013-1423.json | 200 ++++++------- 2013/1xxx/CVE-2013-1558.json | 250 ++++++++-------- 2013/1xxx/CVE-2013-1673.json | 140 ++++----- 2013/1xxx/CVE-2013-1708.json | 140 ++++----- 2013/1xxx/CVE-2013-1814.json | 130 ++++----- 2013/3xxx/CVE-2013-3975.json | 130 ++++----- 2013/4xxx/CVE-2013-4043.json | 140 ++++----- 2013/4xxx/CVE-2013-4268.json | 34 +-- 2013/4xxx/CVE-2013-4518.json | 34 +-- 2013/4xxx/CVE-2013-4542.json | 160 +++++----- 2013/4xxx/CVE-2013-4804.json | 130 ++++----- 2013/5xxx/CVE-2013-5050.json | 34 +-- 2013/5xxx/CVE-2013-5175.json | 120 ++++---- 2017/12xxx/CVE-2017-12246.json | 140 ++++----- 2017/12xxx/CVE-2017-12276.json | 140 ++++----- 2017/12xxx/CVE-2017-12686.json | 34 +-- 2017/12xxx/CVE-2017-12814.json | 160 +++++----- 2017/13xxx/CVE-2017-13578.json | 34 +-- 2017/13xxx/CVE-2017-13798.json | 190 ++++++------ 2017/13xxx/CVE-2017-13929.json | 34 +-- 2017/16xxx/CVE-2017-16687.json | 142 ++++----- 2017/17xxx/CVE-2017-17626.json | 130 ++++----- 2017/4xxx/CVE-2017-4274.json | 34 +-- 2017/4xxx/CVE-2017-4449.json | 34 +-- 2017/4xxx/CVE-2017-4597.json | 34 +-- 2017/4xxx/CVE-2017-4638.json | 34 +-- 2017/4xxx/CVE-2017-4840.json | 34 +-- 2018/18xxx/CVE-2018-18103.json | 34 +-- 2018/18xxx/CVE-2018-18331.json | 120 ++++---- 2018/18xxx/CVE-2018-18641.json | 130 ++++----- 2018/18xxx/CVE-2018-18726.json | 120 ++++---- 2018/18xxx/CVE-2018-18779.json | 34 +-- 2018/1xxx/CVE-2018-1800.json | 178 +++++------ 2018/5xxx/CVE-2018-5149.json | 34 +-- 2018/5xxx/CVE-2018-5842.json | 122 ++++---- 54 files changed, 3446 insertions(+), 3446 deletions(-) diff --git a/2001/0xxx/CVE-2001-0420.json b/2001/0xxx/CVE-2001-0420.json index 41540e60454..4d71018fdeb 100644 --- a/2001/0xxx/CVE-2001-0420.json +++ b/2001/0xxx/CVE-2001-0420.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010409 talkback.cgi vulnerability may allow users to read any file", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0128.html" - }, - { - "name" : "2547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2547" + }, + { + "name": "20010409 talkback.cgi vulnerability may allow users to read any file", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0128.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1246.json b/2001/1xxx/CVE-2001-1246.json index 847ecd06860..a9bd4a9d82e 100644 --- a/2001/1xxx/CVE-2001-1246.json +++ b/2001/1xxx/CVE-2001-1246.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010630 php breaks safe mode", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/194425" - }, - { - "name" : "http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz" - }, - { - "name" : "RHSA-2002:102", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-102.html" - }, - { - "name" : "RHSA-2002:129", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-129.html" - }, - { - "name" : "RHSA-2003:159", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-159.html" - }, - { - "name" : "2954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2954" - }, - { - "name" : "php-safemode-elevate-privileges(6787)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6787.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:159", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-159.html" + }, + { + "name": "RHSA-2002:129", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-129.html" + }, + { + "name": "php-safemode-elevate-privileges(6787)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6787.php" + }, + { + "name": "2954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2954" + }, + { + "name": "20010630 php breaks safe mode", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/194425" + }, + { + "name": "RHSA-2002:102", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-102.html" + }, + { + "name": "http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz", + "refsource": "CONFIRM", + "url": "http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1393.json b/2001/1xxx/CVE-2001-1393.json index 1d808778001..3e2d4e9631b 100644 --- a/2001/1xxx/CVE-2001-1393.json +++ b/2001/1xxx/CVE-2001-1393.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010405 Trustix Security Advisory #2001-0003 - kernel", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98653252326445&w=2" - }, - { - "name" : "20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98684172109474&w=2" - }, - { - "name" : "http://www.linux.org.uk/VERSION/relnotes.2219.html", - "refsource" : "CONFIRM", - "url" : "http://www.linux.org.uk/VERSION/relnotes.2219.html" - }, - { - "name" : "IMNX-2001-70-010-01", - "refsource" : "IMMUNIX", - "url" : "http://marc.info/?l=bugtraq&m=98575345009963&w=2" - }, - { - "name" : "CSSA-2001-012.0", - "refsource" : "CALDERA", - "url" : "http://marc.info/?l=bugtraq&m=98637996127004&w=2" - }, - { - "name" : "MDKSA-2001:037", - "refsource" : "MANDRAKE", - "url" : "http://marc.info/?l=bugtraq&m=98759029811377&w=2" - }, - { - "name" : "DSA-047", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2001/dsa-047" - }, - { - "name" : "SuSE-SA:2001:018", - "refsource" : "SUSE", - "url" : "http://marc.info/?l=bugtraq&m=99013830726309&w=2" - }, - { - "name" : "CLA-2001:394", - "refsource" : "CONECTIVA", - "url" : "http://marc.info/?l=bugtraq&m=98775114228203&w=2" - }, - { - "name" : "RHSA-2001:047", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-047.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2001:047", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-047.html" + }, + { + "name": "CSSA-2001-012.0", + "refsource": "CALDERA", + "url": "http://marc.info/?l=bugtraq&m=98637996127004&w=2" + }, + { + "name": "http://www.linux.org.uk/VERSION/relnotes.2219.html", + "refsource": "CONFIRM", + "url": "http://www.linux.org.uk/VERSION/relnotes.2219.html" + }, + { + "name": "DSA-047", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2001/dsa-047" + }, + { + "name": "MDKSA-2001:037", + "refsource": "MANDRAKE", + "url": "http://marc.info/?l=bugtraq&m=98759029811377&w=2" + }, + { + "name": "20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98684172109474&w=2" + }, + { + "name": "IMNX-2001-70-010-01", + "refsource": "IMMUNIX", + "url": "http://marc.info/?l=bugtraq&m=98575345009963&w=2" + }, + { + "name": "CLA-2001:394", + "refsource": "CONECTIVA", + "url": "http://marc.info/?l=bugtraq&m=98775114228203&w=2" + }, + { + "name": "20010405 Trustix Security Advisory #2001-0003 - kernel", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98653252326445&w=2" + }, + { + "name": "SuSE-SA:2001:018", + "refsource": "SUSE", + "url": "http://marc.info/?l=bugtraq&m=99013830726309&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1411.json b/2001/1xxx/CVE-2001-1411.json index ab5568458d6..5345af3d7fd 100644 --- a/2001/1xxx/CVE-2001-1411.json +++ b/2001/1xxx/CVE-2001-1411.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011020 gm4 format strings on OSX", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100368233714229&w=2" - }, - { - "name" : "VU#147587", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/147587" - }, - { - "name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html", - "refsource" : "CONFIRM", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html" - }, - { - "name" : "macos-gm4-utility-bo(10174)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10174.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.apple.com/mhonarc/security-announce/msg00038.html", + "refsource": "CONFIRM", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00038.html" + }, + { + "name": "VU#147587", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/147587" + }, + { + "name": "macos-gm4-utility-bo(10174)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10174.php" + }, + { + "name": "20011020 gm4 format strings on OSX", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100368233714229&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2992.json b/2006/2xxx/CVE-2006-2992.json index a7a1c3a0f74..76bd69e27f3 100644 --- a/2006/2xxx/CVE-2006-2992.json +++ b/2006/2xxx/CVE-2006-2992.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html" - }, - { - "name" : "18418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18418" - }, - { - "name" : "ADV-2006-2244", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2244" - }, - { - "name" : "26280", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26280" - }, - { - "name" : "20554", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20554" - }, - { - "name" : "myphoto-display-xss(27085)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "myphoto-display-xss(27085)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27085" + }, + { + "name": "ADV-2006-2244", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2244" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html" + }, + { + "name": "26280", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26280" + }, + { + "name": "20554", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20554" + }, + { + "name": "18418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18418" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1605.json b/2008/1xxx/CVE-2008-1605.json index 69fdcc1ab6b..203886dfa69 100644 --- a/2008/1xxx/CVE-2008-1605.json +++ b/2008/1xxx/CVE-2008-1605.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1206434746.ff.php&page=last", - "refsource" : "MISC", - "url" : "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1206434746.ff.php&page=last" - }, - { - "name" : "http://www.shinnai.altervista.org/xplits/TXT_lyyELAFI8pOPu2p7N6cq.html", - "refsource" : "MISC", - "url" : "http://www.shinnai.altervista.org/xplits/TXT_lyyELAFI8pOPu2p7N6cq.html" - }, - { - "name" : "28442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28442" - }, - { - "name" : "29538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29538" - }, - { - "name" : "leadtools-multimedia-file-overwrite(41467)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29538" + }, + { + "name": "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1206434746.ff.php&page=last", + "refsource": "MISC", + "url": "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1206434746.ff.php&page=last" + }, + { + "name": "http://www.shinnai.altervista.org/xplits/TXT_lyyELAFI8pOPu2p7N6cq.html", + "refsource": "MISC", + "url": "http://www.shinnai.altervista.org/xplits/TXT_lyyELAFI8pOPu2p7N6cq.html" + }, + { + "name": "leadtools-multimedia-file-overwrite(41467)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41467" + }, + { + "name": "28442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28442" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5292.json b/2008/5xxx/CVE-2008-5292.json index 3b3a3154585..fd480b4e232 100644 --- a/2008/5xxx/CVE-2008-5292.json +++ b/2008/5xxx/CVE-2008-5292.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7234", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7234" - }, - { - "name" : "32477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32477" - }, - { - "name" : "50309", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50309" - }, - { - "name" : "32808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32808" - }, - { - "name" : "4668", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4668" - }, - { - "name" : "videogirls-viewsnaps-sql-injection(46872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4668", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4668" + }, + { + "name": "50309", + "refsource": "OSVDB", + "url": "http://osvdb.org/50309" + }, + { + "name": "32808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32808" + }, + { + "name": "32477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32477" + }, + { + "name": "videogirls-viewsnaps-sql-injection(46872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46872" + }, + { + "name": "7234", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7234" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5360.json b/2008/5xxx/CVE-2008-5360.json index 57aa11b8828..55ae486dec8 100644 --- a/2008/5xxx/CVE-2008-5360.json +++ b/2008/5xxx/CVE-2008-5360.json @@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-484.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-484.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" - }, - { - "name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", - "refsource" : "CONFIRM", - "url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBUX02411", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2" - }, - { - "name" : "SSRT080111", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2" - }, - { - "name" : "HPSBMA02486", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2" - }, - { - "name" : "SSRT090049", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2" - }, - { - "name" : "RHSA-2008:1018", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-1018.html" - }, - { - "name" : "RHSA-2008:1025", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-1025.html" - }, - { - "name" : "RHSA-2009:0015", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0015.html" - }, - { - "name" : "RHSA-2009:0016", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0016.html" - }, - { - "name" : "RHSA-2009:0445", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0445.html" - }, - { - "name" : "RHSA-2009:0466", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-0466.html" - }, - { - "name" : "244986", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244986-1" - }, - { - "name" : "SUSE-SA:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html" - }, - { - "name" : "SUSE-SR:2009:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "TA08-340A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" - }, - { - "name" : "32608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32608" - }, - { - "name" : "oval:org.mitre.oval:def:6596", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6596" - }, - { - "name" : "1021316", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021316" - }, - { - "name" : "34233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34233" - }, - { - "name" : "34259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34259" - }, - { - "name" : "34605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34605" - }, - { - "name" : "34889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34889" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "34972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34972" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "38539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38539" - }, - { - "name" : "ADV-2008-3339", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3339" - }, - { - "name" : "32991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32991" - }, - { - "name" : "33015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33015" - }, - { - "name" : "33710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33710" - }, - { - "name" : "33709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33709" - }, - { - "name" : "33187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33187" - }, - { - "name" : "33528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33528" - }, - { - "name" : "ADV-2009-0672", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0672" - }, - { - "name" : "jre-guessable-file-unauth-access(47045)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT090049", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-484.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-484.htm" + }, + { + "name": "SUSE-SA:2009:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html" + }, + { + "name": "34259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34259" + }, + { + "name": "ADV-2009-0672", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0672" + }, + { + "name": "RHSA-2008:1018", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-1018.html" + }, + { + "name": "33015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33015" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm" + }, + { + "name": "34889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34889" + }, + { + "name": "34233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34233" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "244986", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244986-1" + }, + { + "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", + "refsource": "CONFIRM", + "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" + }, + { + "name": "SUSE-SA:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html" + }, + { + "name": "SSRT080111", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2" + }, + { + "name": "38539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38539" + }, + { + "name": "oval:org.mitre.oval:def:6596", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6596" + }, + { + "name": "34972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34972" + }, + { + "name": "RHSA-2009:0466", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-0466.html" + }, + { + "name": "SUSE-SR:2009:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "33528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33528" + }, + { + "name": "1021316", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021316" + }, + { + "name": "RHSA-2008:1025", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-1025.html" + }, + { + "name": "HPSBMA02486", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2" + }, + { + "name": "ADV-2008-3339", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3339" + }, + { + "name": "HPSBUX02411", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2" + }, + { + "name": "jre-guessable-file-unauth-access(47045)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47045" + }, + { + "name": "RHSA-2009:0445", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0445.html" + }, + { + "name": "RHSA-2009:0016", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0016.html" + }, + { + "name": "TA08-340A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" + }, + { + "name": "33709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33709" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" + }, + { + "name": "34605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34605" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "RHSA-2009:0015", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0015.html" + }, + { + "name": "33187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33187" + }, + { + "name": "32991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32991" + }, + { + "name": "32608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32608" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "33710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33710" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5521.json b/2008/5xxx/CVE-2008-5521.json index 02b09485c7a..34186988b25 100644 --- a/2008/5xxx/CVE-2008-5521.json +++ b/2008/5xxx/CVE-2008-5521.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded" - }, - { - "name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded" - }, - { - "name" : "4723", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4723" - }, - { - "name" : "multiple-antivirus-mzheader-code-execution(47435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "multiple-antivirus-mzheader-code-execution(47435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" + }, + { + "name": "4723", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4723" + }, + { + "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded" + }, + { + "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2058.json b/2011/2xxx/CVE-2011-2058.json index 92721c08b14..f391a291c2c 100644 --- a/2011/2xxx/CVE-2011-2058.json +++ b/2011/2xxx/CVE-2011-2058.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXI_rebuilds.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXI_rebuilds.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXI_rebuilds.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXI_rebuilds.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2706.json b/2011/2xxx/CVE-2011-2706.json index 9fb08b43106..51ddf6214dc 100644 --- a/2011/2xxx/CVE-2011-2706.json +++ b/2011/2xxx/CVE-2011-2706.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2706", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2706", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2929.json b/2011/2xxx/CVE-2011-2929.json index 1521bcb76e9..7971a2d4c92 100644 --- a/2011/2xxx/CVE-2011-2929.json +++ b/2011/2xxx/CVE-2011-2929.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a \"filter skipping vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110817 CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/17/1" - }, - { - "name" : "[oss-security] 20110819 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/19/11" - }, - { - "name" : "[oss-security] 20110820 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/20/1" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/14" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/13" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/5" - }, - { - "name" : "[rubyonrails-security] 20110816 Filter Skipping Vulnerability in Ruby on Rails 3.0", - "refsource" : "MLIST", - "url" : "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain" - }, - { - "name" : "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=731432", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=731432" - }, - { - "name" : "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552", - "refsource" : "CONFIRM", - "url" : "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552" - }, - { - "name" : "FEDORA-2011-11386", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" - }, - { - "name" : "FEDORA-2011-11572", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a \"filter skipping vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110817 CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" + }, + { + "name": "FEDORA-2011-11386", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" + }, + { + "name": "[oss-security] 20110819 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" + }, + { + "name": "[oss-security] 20110820 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" + }, + { + "name": "FEDORA-2011-11572", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html" + }, + { + "name": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552", + "refsource": "CONFIRM", + "url": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" + }, + { + "name": "[rubyonrails-security] 20110816 Filter Skipping Vulnerability in Ruby on Rails 3.0", + "refsource": "MLIST", + "url": "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" + }, + { + "name": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=731432", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731432" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3246.json b/2011/3xxx/CVE-2011-3246.json index 4f06411d93b..a155f978fd8 100644 --- a/2011/3xxx/CVE-2011-3246.json +++ b/2011/3xxx/CVE-2011-3246.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "http://support.apple.com/kb/HT5052", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5052" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "50115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50115" - }, - { - "name" : "50085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50085" - }, - { - "name" : "appleios-http-sec-bypass(70551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "APPLE-SA-2011-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5052", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5052" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "50115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50115" + }, + { + "name": "appleios-http-sec-bypass(70551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70551" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "50085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50085" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3601.json b/2011/3xxx/CVE-2011-3601.json index a80f74e7c78..b8f9fe880f4 100644 --- a/2011/3xxx/CVE-2011-3601.json +++ b/2011/3xxx/CVE-2011-3601.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111007 radvd 1.8.2 released with security fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/10/06/3" - }, - { - "name" : "http://www.litech.org/radvd/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://www.litech.org/radvd/CHANGES" - }, - { - "name" : "USN-1257-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1257-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111007 radvd 1.8.2 released with security fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/10/06/3" + }, + { + "name": "http://www.litech.org/radvd/CHANGES", + "refsource": "CONFIRM", + "url": "http://www.litech.org/radvd/CHANGES" + }, + { + "name": "USN-1257-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1257-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0584.json b/2013/0xxx/CVE-2013-0584.json index 8840be7b891..fc4ac903777 100644 --- a/2013/0xxx/CVE-2013-0584.json +++ b/2013/0xxx/CVE-2013-0584.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Data Replication Dashboard component in IBM InfoSphere Replication Server 9.7 and 10.x before 10.2.0.0-b113 allows remote attackers to obtain a list of all user accounts, along with information about whether each account requires a password, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21634798", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21634798" - }, - { - "name" : "ibm-infosphere-cve20130584-info-disclosure(83355)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Data Replication Dashboard component in IBM InfoSphere Replication Server 9.7 and 10.x before 10.2.0.0-b113 allows remote attackers to obtain a list of all user accounts, along with information about whether each account requires a password, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21634798", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21634798" + }, + { + "name": "ibm-infosphere-cve20130584-info-disclosure(83355)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83355" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0847.json b/2013/0xxx/CVE-2013-0847.json index 20f9d4cabd6..0cfb8f1e6c0 100644 --- a/2013/0xxx/CVE-2013-0847.json +++ b/2013/0xxx/CVE-2013-0847.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0895.json b/2013/0xxx/CVE-2013-0895.json index 1a881f5f504..c20baac9b26 100644 --- a/2013/0xxx/CVE-2013-0895.json +++ b/2013/0xxx/CVE-2013-0895.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=167840", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=167840" - }, - { - "name" : "openSUSE-SU-2013:0454", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" + }, + { + "name": "openSUSE-SU-2013:0454", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=167840", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=167840" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0917.json b/2013/0xxx/CVE-2013-0917.json index 293d9a03ac4..4f54f6ce684 100644 --- a/2013/0xxx/CVE-2013-0917.json +++ b/2013/0xxx/CVE-2013-0917.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=180909", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=180909" - }, - { - "name" : "oval:org.mitre.oval:def:15892", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html" + }, + { + "name": "oval:org.mitre.oval:def:15892", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15892" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=180909", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=180909" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1040.json b/2013/1xxx/CVE-2013-1040.json index 640b4325813..dae63c32516 100644 --- a/2013/1xxx/CVE-2013-1040.json +++ b/2013/1xxx/CVE-2013-1040.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-1040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "http://support.apple.com/kb/HT6001", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6001" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "APPLE-SA-2013-10-22-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" - }, - { - "name" : "APPLE-SA-2013-10-22-8", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" - }, - { - "name" : "1029054", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029054" - }, - { - "name" : "54886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-10-22-8", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" + }, + { + "name": "1029054", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029054" + }, + { + "name": "http://support.apple.com/kb/HT6001", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6001" + }, + { + "name": "APPLE-SA-2013-10-22-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" + }, + { + "name": "54886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54886" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1423.json b/2013/1xxx/CVE-2013-1423.json index 4b91cb3fd73..023d234042c 100644 --- a/2013/1xxx/CVE-2013-1423.json +++ b/2013/1xxx/CVE-2013-1423.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2013-1423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130225 fusionforge CVE-2013-1423 multiple privilege escalations", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/25/5" - }, - { - "name" : "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=0cc51b3aca51fa915a35195fdf729bcdb903f2af", - "refsource" : "CONFIRM", - "url" : "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=0cc51b3aca51fa915a35195fdf729bcdb903f2af" - }, - { - "name" : "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=1fc730b97c797e03b89cd37823ab345d35286cf4", - "refsource" : "CONFIRM", - "url" : "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=1fc730b97c797e03b89cd37823ab345d35286cf4" - }, - { - "name" : "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba", - "refsource" : "CONFIRM", - "url" : "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba" - }, - { - "name" : "DSA-2633", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2633" - }, - { - "name" : "58143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58143" - }, - { - "name" : "90605", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90605" - }, - { - "name" : "52318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52318" - }, - { - "name" : "52371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58143" + }, + { + "name": "DSA-2633", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2633" + }, + { + "name": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba", + "refsource": "CONFIRM", + "url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=9937b9d94ab60ff67fe249c1b9a6c8e3fc1778ba" + }, + { + "name": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=1fc730b97c797e03b89cd37823ab345d35286cf4", + "refsource": "CONFIRM", + "url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=1fc730b97c797e03b89cd37823ab345d35286cf4" + }, + { + "name": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=0cc51b3aca51fa915a35195fdf729bcdb903f2af", + "refsource": "CONFIRM", + "url": "https://fusionforge.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=fusionforge/fusionforge.git;a=commitdiff;h=0cc51b3aca51fa915a35195fdf729bcdb903f2af" + }, + { + "name": "[oss-security] 20130225 fusionforge CVE-2013-1423 multiple privilege escalations", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/25/5" + }, + { + "name": "52371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52371" + }, + { + "name": "52318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52318" + }, + { + "name": "90605", + "refsource": "OSVDB", + "url": "http://osvdb.org/90605" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1558.json b/2013/1xxx/CVE-2013-1558.json index 0d404d1647e..80d944a02c8 100644 --- a/2013/1xxx/CVE-2013-1558.json +++ b/2013/1xxx/CVE-2013-1558.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" - }, - { - "name" : "APPLE-SA-2013-04-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html" - }, - { - "name" : "HPSBUX02889", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" - }, - { - "name" : "SSRT101252", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" - }, - { - "name" : "MDVSA-2013:161", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" - }, - { - "name" : "RHSA-2013:0752", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html" - }, - { - "name" : "RHSA-2013:0757", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" - }, - { - "name" : "RHSA-2013:0758", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0758.html" - }, - { - "name" : "USN-1806-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1806-1" - }, - { - "name" : "TA13-107A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" - }, - { - "name" : "59219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59219" - }, - { - "name" : "oval:org.mitre.oval:def:16543", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16543" - }, - { - "name" : "oval:org.mitre.oval:def:19158", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0758", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html" + }, + { + "name": "APPLE-SA-2013-04-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html" + }, + { + "name": "TA13-107A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A" + }, + { + "name": "SSRT101252", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" + }, + { + "name": "RHSA-2013:0757", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html" + }, + { + "name": "oval:org.mitre.oval:def:19158", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19158" + }, + { + "name": "MDVSA-2013:161", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" + }, + { + "name": "RHSA-2013:0752", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html" + }, + { + "name": "USN-1806-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1806-1" + }, + { + "name": "oval:org.mitre.oval:def:16543", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16543" + }, + { + "name": "59219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59219" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" + }, + { + "name": "HPSBUX02889", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1673.json b/2013/1xxx/CVE-2013-1673.json index 9ca7db7ba47..af51a41ecca 100644 --- a/2013/1xxx/CVE-2013-1673.json +++ b/2013/1xxx/CVE-2013-1673.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a \"trusted path.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-45.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-45.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=854088", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=854088" - }, - { - "name" : "oval:org.mitre.oval:def:17125", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a \"trusted path.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-45.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-45.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=854088", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=854088" + }, + { + "name": "oval:org.mitre.oval:def:17125", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17125" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1708.json b/2013/1xxx/CVE-2013-1708.json index 9aa9a6f86b6..2c3d88080f0 100644 --- a/2013/1xxx/CVE-2013-1708.json +++ b/2013/1xxx/CVE-2013-1708.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-67.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-67.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=879924", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=879924" - }, - { - "name" : "oval:org.mitre.oval:def:18803", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=879924", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=879924" + }, + { + "name": "oval:org.mitre.oval:def:18803", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18803" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-67.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-67.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1814.json b/2013/1xxx/CVE-2013-1814.json index 74d923f62d4..00664554de9 100644 --- a/2013/1xxx/CVE-2013-1814.json +++ b/2013/1xxx/CVE-2013-1814.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130312 [CVE-2013-1814] Apache Rave exposes User over API", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-03/0078.html" - }, - { - "name" : "24744", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24744/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24744", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24744/" + }, + { + "name": "20130312 [CVE-2013-1814] Apache Rave exposes User over API", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0078.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3975.json b/2013/3xxx/CVE-2013-3975.json index db1842e7cdc..02240fb4c1d 100644 --- a/2013/3xxx/CVE-2013-3975.json +++ b/2013/3xxx/CVE-2013-3975.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671201" - }, - { - "name" : "sametime-cve20133975-info-disc(84855)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sametime-cve20133975-info-disc(84855)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84855" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4043.json b/2013/4xxx/CVE-2013-4043.json index 26620afebcb..75376aa9696 100644 --- a/2013/4xxx/CVE-2013-4043.json +++ b/2013/4xxx/CVE-2013-4043.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-4043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21661169", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21661169" - }, - { - "name" : "PI07828", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07828" - }, - { - "name" : "ibm-spss-cve20134043-content(86419)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-spss-cve20134043-content(86419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86419" + }, + { + "name": "PI07828", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07828" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21661169", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21661169" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4268.json b/2013/4xxx/CVE-2013-4268.json index b199ebcbc74..e9dae78067b 100644 --- a/2013/4xxx/CVE-2013-4268.json +++ b/2013/4xxx/CVE-2013-4268.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4268", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4268", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4518.json b/2013/4xxx/CVE-2013-4518.json index 945d7772618..50fcca761c1 100644 --- a/2013/4xxx/CVE-2013-4518.json +++ b/2013/4xxx/CVE-2013-4518.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4518", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4518", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4542.json b/2013/4xxx/CVE-2013-4542.json index 15d2f1e3cda..0b83b456418 100644 --- a/2013/4xxx/CVE-2013-4542.json +++ b/2013/4xxx/CVE-2013-4542.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3c3ce981423e0d6c18af82ee62f1850c2cda5976", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3c3ce981423e0d6c18af82ee62f1850c2cda5976" - }, - { - "name" : "FEDORA-2014-6288", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" - }, - { - "name" : "RHSA-2014:0743", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0743.html" - }, - { - "name" : "RHSA-2014:0744", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0744.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0743", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html" + }, + { + "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" + }, + { + "name": "RHSA-2014:0744", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3c3ce981423e0d6c18af82ee62f1850c2cda5976", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3c3ce981423e0d6c18af82ee62f1850c2cda5976" + }, + { + "name": "FEDORA-2014-6288", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4804.json b/2013/4xxx/CVE-2013-4804.json index e1eb885e003..c618564d89c 100644 --- a/2013/4xxx/CVE-2013-4804.json +++ b/2013/4xxx/CVE-2013-4804.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02901", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03844594" - }, - { - "name" : "SSRT101197", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03844594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101197", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03844594" + }, + { + "name": "HPSBMU02901", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03844594" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5050.json b/2013/5xxx/CVE-2013-5050.json index 5178f1344b2..84d370fd2ec 100644 --- a/2013/5xxx/CVE-2013-5050.json +++ b/2013/5xxx/CVE-2013-5050.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5050", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5050", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5175.json b/2013/5xxx/CVE-2013-5175.json index 989b453c1dd..f392aefb2b3 100644 --- a/2013/5xxx/CVE-2013-5175.json +++ b/2013/5xxx/CVE-2013-5175.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-5175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2013-10-22-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-10-22-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12246.json b/2017/12xxx/CVE-2017-12246.json index e1a45e788d9..c94bdc0a1b8 100644 --- a/2017/12xxx/CVE-2017-12246.json +++ b/2017/12xxx/CVE-2017-12246.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Adaptive Security Appliance Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Adaptive Security Appliance Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects Cisco Adaptive Security Appliance (ASA) Software that is running on the following Cisco products: ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, ISA 3000 Industrial Security Appliance. Cisco Bug IDs: CSCvd59063." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Adaptive Security Appliance Software", + "version": { + "version_data": [ + { + "version_value": "Cisco Adaptive Security Appliance Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa" - }, - { - "name" : "101165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101165" - }, - { - "name" : "1039503", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects Cisco Adaptive Security Appliance (ASA) Software that is running on the following Cisco products: ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, ISA 3000 Industrial Security Appliance. Cisco Bug IDs: CSCvd59063." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa" + }, + { + "name": "1039503", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039503" + }, + { + "name": "101165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101165" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12276.json b/2017/12xxx/CVE-2017-12276.json index b8dfb6f47ec..182c454a34c 100644 --- a/2017/12xxx/CVE-2017-12276.json +++ b/2017/12xxx/CVE-2017-12276.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Collaboration Provisioning", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Collaboration Provisioning" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input in the SQL database. The attacker would need to have valid user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.3. Cisco Bug IDs: CSCvf47935." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Collaboration Provisioning", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Collaboration Provisioning" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-cpcp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-cpcp" - }, - { - "name" : "101640", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101640" - }, - { - "name" : "1039711", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input in the SQL database. The attacker would need to have valid user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.3. Cisco Bug IDs: CSCvf47935." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039711", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039711" + }, + { + "name": "101640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101640" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-cpcp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-cpcp" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12686.json b/2017/12xxx/CVE-2017-12686.json index bec8322fc41..8dc0c74d9f7 100644 --- a/2017/12xxx/CVE-2017-12686.json +++ b/2017/12xxx/CVE-2017-12686.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12686", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12686", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12814.json b/2017/12xxx/CVE-2017-12814.json index d0c5d65d488..84500dc7ff7 100644 --- a/2017/12xxx/CVE-2017-12814.json +++ b/2017/12xxx/CVE-2017-12814.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1", - "refsource" : "CONFIRM", - "url" : "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" - }, - { - "name" : "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1", - "refsource" : "CONFIRM", - "url" : "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" - }, - { - "name" : "https://rt.perl.org/Public/Bug/Display.html?id=131665", - "refsource" : "CONFIRM", - "url" : "https://rt.perl.org/Public/Bug/Display.html?id=131665" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180426-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180426-0001/" - }, - { - "name" : "101051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://rt.perl.org/Public/Bug/Display.html?id=131665", + "refsource": "CONFIRM", + "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665" + }, + { + "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1", + "refsource": "CONFIRM", + "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" + }, + { + "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1", + "refsource": "CONFIRM", + "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180426-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" + }, + { + "name": "101051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101051" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13578.json b/2017/13xxx/CVE-2017-13578.json index 3f48d5b8294..cb9886a46eb 100644 --- a/2017/13xxx/CVE-2017-13578.json +++ b/2017/13xxx/CVE-2017-13578.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13578", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13578", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13798.json b/2017/13xxx/CVE-2017-13798.json index 307131b334e..2ba8428ec3a 100644 --- a/2017/13xxx/CVE-2017-13798.json +++ b/2017/13xxx/CVE-2017-13798.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43175", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43175/" - }, - { - "name" : "https://support.apple.com/HT208219", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208219" - }, - { - "name" : "https://support.apple.com/HT208222", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208222" - }, - { - "name" : "https://support.apple.com/HT208223", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208223" - }, - { - "name" : "https://support.apple.com/HT208224", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208224" - }, - { - "name" : "https://support.apple.com/HT208225", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208225" - }, - { - "name" : "GLSA-201712-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201712-01" - }, - { - "name" : "1039703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208225", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208225" + }, + { + "name": "https://support.apple.com/HT208222", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208222" + }, + { + "name": "43175", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43175/" + }, + { + "name": "https://support.apple.com/HT208219", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208219" + }, + { + "name": "https://support.apple.com/HT208224", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208224" + }, + { + "name": "GLSA-201712-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-01" + }, + { + "name": "1039703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039703" + }, + { + "name": "https://support.apple.com/HT208223", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208223" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13929.json b/2017/13xxx/CVE-2017-13929.json index f60a9e07533..955030880af 100644 --- a/2017/13xxx/CVE-2017-13929.json +++ b/2017/13xxx/CVE-2017-13929.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13929", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13929", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16687.json b/2017/16xxx/CVE-2017-16687.json index 3a9c963a011..46a3722c168 100644 --- a/2017/16xxx/CVE-2017-16687.json +++ b/2017/16xxx/CVE-2017-16687.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-16687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP HANA extended application services", - "version" : { - "version_data" : [ - { - "version_value" : "SAP HANA Database 1.00, 2.00" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-16687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP HANA extended application services", + "version": { + "version_data": [ + { + "version_value": "SAP HANA Database 1.00, 2.00" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2549983", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2549983" - }, - { - "name" : "102152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2549983", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2549983" + }, + { + "name": "102152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102152" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17626.json b/2017/17xxx/CVE-2017-17626.json index 79eecfa399d..375dfe7f5ff 100644 --- a/2017/17xxx/CVE-2017-17626.json +++ b/2017/17xxx/CVE-2017-17626.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43295", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43295/" - }, - { - "name" : "https://packetstormsecurity.com/files/145338/Readymade-PHP-Classified-Script-3.3-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145338/Readymade-PHP-Classified-Script-3.3-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145338/Readymade-PHP-Classified-Script-3.3-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145338/Readymade-PHP-Classified-Script-3.3-SQL-Injection.html" + }, + { + "name": "43295", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43295/" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4274.json b/2017/4xxx/CVE-2017-4274.json index eef61de0451..a0fe1e47abc 100644 --- a/2017/4xxx/CVE-2017-4274.json +++ b/2017/4xxx/CVE-2017-4274.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4274", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4274", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4449.json b/2017/4xxx/CVE-2017-4449.json index 266f7aa6ab9..11d5d9827be 100644 --- a/2017/4xxx/CVE-2017-4449.json +++ b/2017/4xxx/CVE-2017-4449.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4449", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4449", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4597.json b/2017/4xxx/CVE-2017-4597.json index 288878ae80b..cf641a670a2 100644 --- a/2017/4xxx/CVE-2017-4597.json +++ b/2017/4xxx/CVE-2017-4597.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4597", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4597", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4638.json b/2017/4xxx/CVE-2017-4638.json index 4bd960309f9..89de10bb300 100644 --- a/2017/4xxx/CVE-2017-4638.json +++ b/2017/4xxx/CVE-2017-4638.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4638", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4638", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4840.json b/2017/4xxx/CVE-2017-4840.json index 41e93e17e0d..4de6c8d521a 100644 --- a/2017/4xxx/CVE-2017-4840.json +++ b/2017/4xxx/CVE-2017-4840.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4840", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4840", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18103.json b/2018/18xxx/CVE-2018-18103.json index 7859a88167f..41e2dcb2343 100644 --- a/2018/18xxx/CVE-2018-18103.json +++ b/2018/18xxx/CVE-2018-18103.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18103", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18103", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18331.json b/2018/18xxx/CVE-2018-18331.json index 1c88684cc31..b1882d8242c 100644 --- a/2018/18xxx/CVE-2018-18331.json +++ b/2018/18xxx/CVE-2018-18331.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-18331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro OfficeScan", - "version" : { - "version_data" : [ - { - "version_value" : "XG (12.0)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Weak File Permissions" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-18331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro OfficeScan", + "version": { + "version_data": [ + { + "version_value": "XG (12.0)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://success.trendmicro.com/solution/1121674", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1121674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Weak File Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://success.trendmicro.com/solution/1121674", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1121674" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18641.json b/2018/18xxx/CVE-2018-18641.json index 4b1ddb0ffaf..8d924eb06d7 100644 --- a/2018/18xxx/CVE-2018-18641.json +++ b/2018/18xxx/CVE-2018-18641.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/51113", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/51113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51113", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51113" + }, + { + "name": "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18726.json b/2018/18xxx/CVE-2018-18726.json index 3c6c04ae650..e6da632142a 100644 --- a/2018/18xxx/CVE-2018-18726.json +++ b/2018/18xxx/CVE-2018-18726.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/source-trace/yunucms/issues/8", - "refsource" : "MISC", - "url" : "https://github.com/source-trace/yunucms/issues/8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/source-trace/yunucms/issues/8", + "refsource": "MISC", + "url": "https://github.com/source-trace/yunucms/issues/8" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18779.json b/2018/18xxx/CVE-2018-18779.json index 7fc1e0a2df7..c9bb3b55823 100644 --- a/2018/18xxx/CVE-2018-18779.json +++ b/2018/18xxx/CVE-2018-18779.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18779", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18779", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1800.json b/2018/1xxx/CVE-2018-1800.json index 0258f3964c1..cccc2ad0420 100644 --- a/2018/1xxx/CVE-2018-1800.json +++ b/2018/1xxx/CVE-2018-1800.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-09-13T00:00:00", - "ID" : "CVE-2018-1800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.6.3" - }, - { - "version_value" : "5.2.6.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. IBM X-Force ID: 149607." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "L", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.100", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-09-13T00:00:00", + "ID": "CVE-2018-1800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2.6.3" + }, + { + "version_value": "5.2.6.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731379", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731379" - }, - { - "name" : "ibm-sterling-cve20181800-info-disc(149607)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. IBM X-Force ID: 149607." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "L", + "C": "H", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "5.100", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sterling-cve20181800-info-disc(149607)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149607" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10731379", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10731379" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5149.json b/2018/5xxx/CVE-2018-5149.json index bcf3f0c5349..97821c1f3aa 100644 --- a/2018/5xxx/CVE-2018-5149.json +++ b/2018/5xxx/CVE-2018-5149.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5149", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5149", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5842.json b/2018/5xxx/CVE-2018-5842.json index 43972770f9d..b4b3cae3985 100644 --- a/2018/5xxx/CVE-2018-5842.json +++ b/2018/5xxx/CVE-2018-5842.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-05-11T00:00:00", - "ID" : "CVE-2018-5842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-05-11T00:00:00", + "ID": "CVE-2018-5842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" + } + ] + } +} \ No newline at end of file