diff --git a/2001/0xxx/CVE-2001-0056.json b/2001/0xxx/CVE-2001-0056.json
index b2bed15c3a3..573ea4d60ed 100644
--- a/2001/0xxx/CVE-2001-0056.json
+++ b/2001/0xxx/CVE-2001-0056.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001204 Multiple Vulnerabilities in CBOS", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/CBOS-multiple.shtml" - }, - { - "name" : "cisco-cbos-invalid-login(5628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-cbos-invalid-login(5628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5628" + }, + { + "name": "20001204 Multiple Vulnerabilities in CBOS", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/CBOS-multiple.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0266.json b/2001/0xxx/CVE-2001-0266.json index 8608f823d52..0453c717599 100644 --- a/2001/0xxx/CVE-2001-0266.json +++ b/2001/0xxx/CVE-2001-0266.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0102-143", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q1/0069.html" - }, - { - "name" : "6033", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6033", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6033" + }, + { + "name": "HPSBUX0102-143", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q1/0069.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0274.json b/2001/0xxx/CVE-2001-0274.json index 33749ba151c..7280374be7b 100644 --- a/2001/0xxx/CVE-2001-0274.json +++ b/2001/0xxx/CVE-2001-0274.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010214 Security hole in kicq", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html" - }, - { - "name" : "20010303 Re: Security hole in kicq", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html" - }, - { - "name" : "kicq-execute-commands(6112)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kicq-execute-commands(6112)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6112" + }, + { + "name": "20010303 Re: Security hole in kicq", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html" + }, + { + "name": "20010214 Security hole in kicq", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0759.json b/2001/0xxx/CVE-2001-0759.json index 5ff101fd3f9..12f6057765a 100644 --- a/2001/0xxx/CVE-2001-0759.json +++ b/2001/0xxx/CVE-2001-0759.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010614 Buffer overflow in BestCrypt for Linux", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/191111" - }, - { - "name" : "2875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010614 Buffer overflow in BestCrypt for Linux", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/191111" + }, + { + "name": "2875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2875" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1438.json b/2001/1xxx/CVE-2001-1438.json index 032363e1729..b1be91ff10a 100644 --- a/2001/1xxx/CVE-2001-1438.json +++ b/2001/1xxx/CVE-2001-1438.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011022 PalmOS crashes receiving SMS images using Handspring VisorPhone", - "refsource" : "VULN-DEV", - "url" : "http://www.securityfocus.com/archive/82/222110" - }, - { - "name" : "VU#222739", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/222739" - }, - { - "name" : "handspring-visor-sms-dos(10637)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to 
cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011022 PalmOS crashes receiving SMS images using Handspring VisorPhone", + "refsource": "VULN-DEV", + "url": "http://www.securityfocus.com/archive/82/222110" + }, + { + "name": "VU#222739", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/222739" + }, + { + "name": "handspring-visor-sms-dos(10637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10637" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1447.json b/2001/1xxx/CVE-2001-1447.json index bbac0c3a166..370a7832db8 100644 --- a/2001/1xxx/CVE-2001-1447.json +++ b/2001/1xxx/CVE-2001-1447.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) \"recent items\" and (2) \"services\" menus, which causes the applications to run with root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011017 Mac OS X setuid root security hole", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0121.html" - }, - { - "name" : "20011017 Re: Mac OS X setuid root security hole", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0130.html" - }, - { - "name" : "VU#945747", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/945747" - }, - { - "name" : "M-007", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-007.shtml" - }, - { - "name" : "3439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3439" - }, - { - "name" : 
"macos-netinfo-root-privileges(7303)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) \"recent items\" and (2) \"services\" menus, which causes the applications to run with root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "M-007", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-007.shtml" + }, + { + "name": "20011017 Re: Mac OS X setuid root security hole", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0130.html" + }, + { + "name": "VU#945747", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/945747" + }, + { + "name": "20011017 Mac OS X setuid root security hole", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0121.html" + }, + { + "name": "3439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3439" + }, + { + "name": "macos-netinfo-root-privileges(7303)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7303" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2162.json b/2006/2xxx/CVE-2006-2162.json index 957dbcb62e4..c745a4ccd64 100644 --- a/2006/2xxx/CVE-2006-2162.json +++ b/2006/2xxx/CVE-2006-2162.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806&forum_id=7890", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806&forum_id=7890" - }, - { - "name" : "http://www.nagios.org/development/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.nagios.org/development/changelog.php" - }, - { - "name" : "DSA-1072", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1072" - }, - { - "name" : "GLSA-200605-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" - }, - { - "name" : "SUSE-SR:2006:011", - "refsource" : "SUSE", - "url" : 
"http://www.novell.com/linux/security/advisories/2006_05_19.html" - }, - { - "name" : "USN-282-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/282-1/" - }, - { - "name" : "17879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17879" - }, - { - "name" : "ADV-2006-1662", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1662" - }, - { - "name" : "19991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19991" - }, - { - "name" : "19998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19998" - }, - { - "name" : "20013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20013" - }, - { - "name" : "20215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20215" - }, - { - "name" : "20247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20247" - }, - { - "name" : "nagios-multiple-scripts-bo(26253)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200605-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" + }, + { + "name": "USN-282-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/282-1/" + }, + { + "name": "DSA-1072", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1072" + }, + { + "name": "SUSE-SR:2006:011", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_05_19.html" + }, + { + "name": "http://www.nagios.org/development/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.nagios.org/development/changelog.php" + }, + { + "name": "ADV-2006-1662", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1662" + }, + { + "name": "19998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19998" + }, + { + "name": "19991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19991" + }, + { + "name": "nagios-multiple-scripts-bo(26253)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26253" + }, + { + "name": "20013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20013" + }, + { + "name": "20215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20215" + }, + { + "name": "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806&forum_id=7890", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806&forum_id=7890" + }, + { + "name": "17879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17879" + }, + { + "name": "20247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20247" + } + ] + } +} \ No newline at end of file 
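Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, inside a whole-file rewrite that, as far as the visible lines show, otherwise changes only the spacing around colons and the order of the `reference_data` entries. The CVE-2006-2309 hunk does the same with `PSIRT-CNA@flexerasoftware.com`. Because every line of each record is rewritten, anyone auditing the feed cannot separate a provenance change from formatting noise. I would land the reassignments in their own commit, or at least name them in the commit message, and keep the reference order stable so later content edits show up as small diffs. The new side also ends with `\ No newline at end of file` where the old file evidently ended with a newline; keeping it would avoid one more spurious changed line per record.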
diff --git a/2006/2xxx/CVE-2006-2309.json b/2006/2xxx/CVE-2006-2309.json
index 7bd80590f5f..165f95e6e20 100644
--- a/2006/2xxx/CVE-2006-2309.json
+++ b/2006/2xxx/CVE-2006-2309.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-2309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060531 Secunia Research: Eserv/3 IMAP and HTTP Server MultipleVulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435415/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-37/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-37/advisory/" - }, - { - "name" : "http://www.eserv.ru/ru/news/news_detail.php?ID=235", - "refsource" : "CONFIRM", - "url" : "http://www.eserv.ru/ru/news/news_detail.php?ID=235" - }, - { - "name" : "18179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18179" - }, - { - "name" : "ADV-2006-2066", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/2066" - }, - { - "name" : "20059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20059" - }, - { - "name" : "1006", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1006" - }, - { - "name" : "eserv-file-extension-source-code-disclosure(26741)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20059" + }, + { + "name": "1006", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1006" + }, + { + "name": "http://secunia.com/secunia_research/2006-37/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-37/advisory/" + }, + { + "name": "eserv-file-extension-source-code-disclosure(26741)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26741" + }, + { + "name": "ADV-2006-2066", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2066" + }, + { + "name": "18179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18179" + }, + { + "name": "20060531 Secunia Research: Eserv/3 IMAP and HTTP Server MultipleVulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435415/100/0/threaded" + }, + { + "name": 
"http://www.eserv.ru/ru/news/news_detail.php?ID=235", + "refsource": "CONFIRM", + "url": "http://www.eserv.ru/ru/news/news_detail.php?ID=235" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2442.json b/2006/2xxx/CVE-2006-2442.json index 99d08e5c329..b3878103e1e 100644 --- a/2006/2xxx/CVE-2006-2442.json +++ b/2006/2xxx/CVE-2006-2442.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337830", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337830" - }, - { - "name" : "DSA-1062", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1062" - }, - { - "name" : "MDKSA-2006:089", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:089" - }, - { - "name" : "18049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18049" - }, - { - "name" : "ADV-2006-1862", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2006:089", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:089" + }, + { + "name": "18049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18049" + }, + { + "name": "ADV-2006-1862", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1862" + }, + { + "name": "DSA-1062", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1062" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337830", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337830" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2456.json b/2006/2xxx/CVE-2006-2456.json index 0a5881380f1..afd8d4c5704 100644 --- a/2006/2xxx/CVE-2006-2456.json +++ b/2006/2xxx/CVE-2006-2456.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2551.json b/2006/2xxx/CVE-2006-2551.json index 478b9a220b4..3a6d2e147e9 100644 --- a/2006/2xxx/CVE-2006-2551.json +++ b/2006/2xxx/CVE-2006-2551.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-109.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-109.htm" - }, - { - "name" : "HPSBUX02120", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434717/100/0/threaded" - }, - { - "name" : "SSRT051057", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434717/100/0/threaded" - }, - { - "name" : "18057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18057" - }, - { - "name" : "oval:org.mitre.oval:def:5702", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5702" - }, - { - "name" : "ADV-2006-1913", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/1913" - }, - { - "name" : "1016135", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016135" - }, - { - "name" : "20227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20227" - }, - { - "name" : "20459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20459" - }, - { - "name" : "21140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21140" - }, - { - "name" : "hp-kernel-dos(26593)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5702", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5702" + }, + { + "name": "21140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21140" + }, + { + "name": "20459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20459" + }, + { + "name": "1016135", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016135" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-109.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-109.htm" + }, + { + "name": "18057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18057" + }, + { + "name": "HPSBUX02120", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434717/100/0/threaded" + }, + { + 
"name": "SSRT051057", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434717/100/0/threaded" + }, + { + "name": "hp-kernel-dos(26593)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26593" + }, + { + "name": "ADV-2006-1913", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1913" + }, + { + "name": "20227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20227" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2848.json b/2006/2xxx/CVE-2006-2848.json index 08402e89e7c..546beabcb15 100644 --- a/2006/2xxx/CVE-2006-2848.json +++ b/2006/2xxx/CVE-2006-2848.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435735/100/0/threaded" - }, - { - "name" : "1859", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1859" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435735/100/0/threaded" + }, + { + "name": "1859", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1859" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5600.json b/2008/5xxx/CVE-2008-5600.json index f53f38c2970..c492e15bf24 100644 --- a/2008/5xxx/CVE-2008-5600.json +++ b/2008/5xxx/CVE-2008-5600.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7352", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7352" - }, - { - "name" : "33009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33009" - }, - { - "name" : "4757", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4757" - }, - { - "name" : "merlix-teamworx-information-disclosure(47125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Merlix Teamworx Server stores sensitive information under the web root with 
insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33009" + }, + { + "name": "4757", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4757" + }, + { + "name": "merlix-teamworx-information-disclosure(47125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47125" + }, + { + "name": "7352", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7352" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5931.json b/2008/5xxx/CVE-2008-5931.json index 8091dce28d5..92693f70db5 100644 --- a/2008/5xxx/CVE-2008-5931.json +++ b/2008/5xxx/CVE-2008-5931.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7436", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7436" - }, - { - "name" : "33134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33134" - }, - { - "name" : "4931", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4931" - }, - { - "name" : "aspired2blog-blog-info-disclosure(47294)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4931", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4931" + }, + { + "name": "aspired2blog-blog-info-disclosure(47294)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47294" + }, + { + "name": "7436", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7436" + }, + { + "name": "33134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33134" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5935.json b/2008/5xxx/CVE-2008-5935.json index eaaf3ea90e5..ae9b1a3306a 100644 --- a/2008/5xxx/CVE-2008-5935.json +++ b/2008/5xxx/CVE-2008-5935.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081211 facto Database Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499125/100/0/threaded" - }, - { - "name" : "4934", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4934" - }, - { - "name" : "facto-facto-information-disclosure(47278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Facto stores sensitive information under the web root with 
insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4934", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4934" + }, + { + "name": "20081211 facto Database Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499125/100/0/threaded" + }, + { + "name": "facto-facto-information-disclosure(47278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47278" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2075.json b/2011/2xxx/CVE-2011-2075.json index cafa17209d8..e2ed40550b0 100644 --- a/2011/2xxx/CVE-2011-2075.json +++ b/2011/2xxx/CVE-2011-2075.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabilities or multiple products. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php", - "refsource" : "MISC", - "url" : "http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php" - }, - { - "name" : "http://www.youtube.com/watch?v=c8cQ0yU89sk", - "refsource" : "MISC", - "url" : "http://www.youtube.com/watch?v=c8cQ0yU89sk" - }, - { - "name" : "47771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47771" - }, - { - "name" : "oval:org.mitre.oval:def:14099", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabilities or multiple products. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47771" + }, + { + "name": "http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php", + "refsource": "MISC", + "url": "http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php" + }, + { + "name": "http://www.youtube.com/watch?v=c8cQ0yU89sk", + "refsource": "MISC", + "url": "http://www.youtube.com/watch?v=c8cQ0yU89sk" + }, + { + "name": "oval:org.mitre.oval:def:14099", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14099" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2332.json b/2011/2xxx/CVE-2011-2332.json index 9ca214ea7ee..d0d4174c462 100644 --- a/2011/2xxx/CVE-2011-2332.json +++ b/2011/2xxx/CVE-2011-2332.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=83275", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=83275" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html" - }, - { - "name" : "48129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48129" - }, - { - "name" : "72790", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72790" - }, - { - "name" : "oval:org.mitre.oval:def:14242", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14242" - }, - { - "name" : "44829", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44829" - }, - { - "name" : "chrome-v8-security-bypass(67903)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72790", + "refsource": "OSVDB", + "url": "http://osvdb.org/72790" + }, + { + "name": "chrome-v8-security-bypass(67903)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67903" + }, + { + "name": "44829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44829" + }, + { + "name": "oval:org.mitre.oval:def:14242", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14242" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=83275", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=83275" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html" + }, + { + "name": "48129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48129" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2335.json b/2011/2xxx/CVE-2011-2335.json index 7b5c6fbc211..8e386914301 100644 --- a/2011/2xxx/CVE-2011-2335.json +++ b/2011/2xxx/CVE-2011-2335.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2335", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2335", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2795.json b/2011/2xxx/CVE-2011-2795.json index e5b12443661..965a701cd70 100644 --- a/2011/2xxx/CVE-2011-2795.json +++ b/2011/2xxx/CVE-2011-2795.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a \"cross-frame function leak.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=87339", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=87339" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" - }, - { - "name" : "74245", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74245" - }, - { - "name" : "oval:org.mitre.oval:def:14653", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14653" - }, - { - "name" : 
"google-chrome-function-info-disclosure(68957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a \"cross-frame function leak.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74245", + "refsource": "OSVDB", + "url": "http://osvdb.org/74245" + }, + { + "name": "oval:org.mitre.oval:def:14653", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14653" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=87339", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=87339" + }, + { + "name": "google-chrome-function-info-disclosure(68957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68957" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2939.json b/2011/2xxx/CVE-2011-2939.json index 54e107b91ce..4f13b2ef4ad 100644 --- a/2011/2xxx/CVE-2011-2939.json +++ b/2011/2xxx/CVE-2011-2939.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/18/8" - }, - { - "name" : "[oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/19/17" - }, - { - "name" : "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5", - "refsource" : "CONFIRM", - "url" : 
"http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5" - }, - { - "name" : "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)", - "refsource" : "CONFIRM", - "url" : "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=731246", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=731246" - }, - { - "name" : "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod", - "refsource" : "CONFIRM", - "url" : "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" - }, - { - "name" : "MDVSA-2012:008", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" - }, - { - "name" : "RHSA-2011:1424", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1424.html" - }, - { - "name" : "USN-1643-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1643-1" - }, - { - "name" : "49858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49858" - }, - { - "name" : "46989", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46989" - }, - { - "name" : "51457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51457" - }, - { - "name" : "46172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46172" - }, - { - "name" : "55314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to 
cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46989", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46989" + }, + { + "name": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod", + "refsource": "CONFIRM", + "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" + }, + { + "name": "55314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55314" + }, + { + "name": "USN-1643-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1643-1" + }, + { + "name": "49858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49858" + }, + { + "name": "[oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/18/8" + }, + { + "name": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5", + "refsource": "CONFIRM", + "url": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5" + }, + { + "name": "46172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46172" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=731246", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731246" + }, + { + "name": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)", + "refsource": "CONFIRM", + "url": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)" + }, + { + "name": "MDVSA-2012:008", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" + }, + { + "name": "RHSA-2011:1424", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html" + }, + { + "name": "[oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/19/17" + }, + { + "name": "51457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51457" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2990.json b/2011/2xxx/CVE-2011-2990.json index 4c419c7496d..83525645e25 100644 --- a/2011/2xxx/CVE-2011-2990.json +++ b/2011/2xxx/CVE-2011-2990.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=664983", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=664983" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=679588", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=679588" - }, - { - "name" : 
"http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html" - }, - { - "name" : "SUSE-SA:2011:037", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" - }, - { - "name" : "oval:org.mitre.oval:def:14458", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14458", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14458" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=664983", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=664983" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=679588", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=679588" + }, + { + "name": "SUSE-SA:2011:037", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3163.json b/2011/3xxx/CVE-2011-3163.json index 22541918e65..2c8d0a1d2fe 100644 --- a/2011/3xxx/CVE-2011-3163.json +++ b/2011/3xxx/CVE-2011-3163.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-3163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI02711", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131914362310845&w=2" - }, - { - "name" : "SSRT100647", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131914362310845&w=2" - }, - { - "name" : "50297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50297" - }, - { - "name" : "46532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46532" - }, - { - "name" : "8479", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP MFP Digital Sending Software 4.9x through 4.91.21 allows 
local users to obtain sensitive workflow-metadata information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100647", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131914362310845&w=2" + }, + { + "name": "8479", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8479" + }, + { + "name": "50297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50297" + }, + { + "name": "HPSBPI02711", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131914362310845&w=2" + }, + { + "name": "46532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46532" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3258.json b/2011/3xxx/CVE-2011-3258.json index 58a350356c5..c9f17a59417 100644 --- a/2011/3xxx/CVE-2011-3258.json +++ b/2011/3xxx/CVE-2011-3258.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3258", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3258", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3310.json b/2011/3xxx/CVE-2011-3310.json index 71c6e96107e..b02de9c4a51 100644 --- a/2011/3xxx/CVE-2011-3310.json +++ b/2011/3xxx/CVE-2011-3310.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-3310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs" - }, - { - "name" : "50284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50284" - }, - { - "name" : "46533", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46533" - }, - { - "name" : 
"ciscoworks-common-services-command-exec(70759)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs" + }, + { + "name": "50284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50284" + }, + { + "name": "46533", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46533" + }, + { + "name": "ciscoworks-common-services-command-exec(70759)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70759" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3506.json b/2011/3xxx/CVE-2011-3506.json index 5471eaf203e..35cf4e8e6ad 100644 --- a/2011/3xxx/CVE-2011-3506.json +++ b/2011/3xxx/CVE-2011-3506.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "RHSA-2012:1232", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1232.html" - }, - { - "name" : "46527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46527" - }, - { - "name" : "46528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46528" - }, - { - "name" : "50084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46527" + }, + { + "name": "46528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46528" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "50084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50084" + }, + { + "name": "RHSA-2012:1232", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3842.json b/2011/3xxx/CVE-2011-3842.json index 39771494b6f..5b72f38caae 100644 --- a/2011/3xxx/CVE-2011-3842.json +++ b/2011/3xxx/CVE-2011-3842.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3842", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3842", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0269.json b/2013/0xxx/CVE-2013-0269.json index b7937a1e6f3..ebac9ac1836 100644 --- a/2013/0xxx/CVE-2013-0269.json +++ b/2013/0xxx/CVE-2013-0269.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/11/7" - }, - { - "name" : "[oss-security] 20130211 Patch update for [CVE-2013-0269]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/11/8" - }, - { - "name" : "[rubyonrails-security] 20130211 Denial of Service and Unsafe Object Creation 
Vulnerability in JSON [CVE-2013-0269]", - "refsource" : "MLIST", - "url" : "https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain" - }, - { - "name" : "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection", - "refsource" : "MISC", - "url" : "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection" - }, - { - "name" : "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" - }, - { - "name" : "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed", - "refsource" : "CONFIRM", - "url" : "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed" - }, - { - "name" : "https://puppet.com/security/cve/cve-2013-0269", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2013-0269" - }, - { - "name" : "APPLE-SA-2013-10-22-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" - }, - { - "name" : "RHSA-2013:0686", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0686.html" - }, - { - "name" : "RHSA-2013:0701", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0701.html" - }, - { - "name" : "RHSA-2013:1028", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1028.html" - }, - { - "name" : "RHSA-2013:1147", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1147.html" - }, - { - "name" : "SSA:2013-075-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862" - }, - { - "name" : "openSUSE-SU-2013:0603", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html" - }, - { - "name" : "SUSE-SU-2013:0609", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html" - }, - { - "name" : "SUSE-SU-2013:0647", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html" - }, - { - "name" : "USN-1733-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1733-1" - }, - { - "name" : "57899", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57899" - }, - { - "name" : "90074", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/90074" - }, - { - "name" : "52075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52075" - }, - { - "name" : "52774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52774" - }, - { - "name" : "52902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52902" - }, - { - "name" : "json-ruby-security-bypass(82010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0701", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2013-0701.html" + }, + { + "name": "openSUSE-SU-2013:0603", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html" + }, + { + "name": "APPLE-SA-2013-10-22-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" + }, + { + "name": "SSA:2013-075-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862" + }, + { + "name": "52774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52774" + }, + { + "name": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed", + "refsource": "CONFIRM", + "url": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed" + }, + { + "name": "[rubyonrails-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]", + "refsource": "MLIST", + "url": "https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain" + }, + { + "name": "90074", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/90074" + }, + { + "name": "https://puppet.com/security/cve/cve-2013-0269", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2013-0269" + }, + { + "name": "52902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52902" + }, + { + "name": "RHSA-2013:0686", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" + }, + { + "name": "57899", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57899" + }, + { + "name": "[oss-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/11/7" + }, + { + "name": "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection", + 
"refsource": "MISC", + "url": "http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection" + }, + { + "name": "[oss-security] 20130211 Patch update for [CVE-2013-0269]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/11/8" + }, + { + "name": "USN-1733-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1733-1" + }, + { + "name": "SUSE-SU-2013:0609", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html" + }, + { + "name": "RHSA-2013:1028", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1028.html" + }, + { + "name": "json-ruby-security-bypass(82010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82010" + }, + { + "name": "RHSA-2013:1147", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html" + }, + { + "name": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" + }, + { + "name": "52075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52075" + }, + { + "name": "SUSE-SU-2013:0647", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0299.json b/2013/0xxx/CVE-2013-0299.json index 436ff6ec26d..c3a2bc63880 100644 --- a/2013/0xxx/CVE-2013-0299.json +++ b/2013/0xxx/CVE-2013-0299.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-004/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-004/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0566.json b/2013/0xxx/CVE-2013-0566.json index 5334f4791e8..8a4b6d62719 100644 --- a/2013/0xxx/CVE-2013-0566.json +++ b/2013/0xxx/CVE-2013-0566.json 
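Review bot: The one semantic change in this hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org`, is hidden inside a rewrite of every line for indentation and colon spacing, so it cannot be audited without a whitespace-insensitive or parsed-JSON comparison. The same mix appears in the hunks for CVE-2013-0566 (`psirt@us.ibm.com`), CVE-2013-1157 and CVE-2013-1178 (`psirt@cisco.com`), CVE-2013-1289 (`secure@microsoft.com`), CVE-2013-1373 (`psirt@adobe.com`) and CVE-2013-1503 (`secalert_us@oracle.com`). `ASSIGNER` is the record's provenance field, so I would land the format-only pass and the assigner corrections as separate commits, or at least name the assigner change in the commit message. The new side also ends with `\ No newline at end of file` where the old file had a trailing newline; keeping the final newline would avoid that extra churn.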
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21647750", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21647750" - }, - { - "name" : "JR46776", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR46776" - }, - { - "name" : "wscommerce-cve20130566-xss(83139)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR46776", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR46776" + }, + { + "name": "wscommerce-cve20130566-xss(83139)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83139" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21647750", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21647750" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1157.json b/2013/1xxx/CVE-2013-1157.json index 2fa0f196cdc..e252ba942ab 100644 --- a/2013/1xxx/CVE-2013-1157.json +++ b/2013/1xxx/CVE-2013-1157.json 
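Review bot: The `reference_data` array is reordered here with no entry added or removed (the CONFIRM entry for `swg21647750` moves from first to last), and the new order follows no sort key visible in the hunk: it is not ordered by `name`, `refsource` or `url`. If the generator does not emit a stable order, every regeneration will produce this kind of diff noise and make real reference additions or removals harder to spot. I would either preserve the input order or sort on one documented key such as `url`; consumers should in any case treat the array as unordered. The same reshuffle appears in the hunks for CVE-2013-1289, CVE-2013-1373 and CVE-2013-1393.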
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud51068." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130430 Cisco Prime Central for Hosted Collaboration Solution ITM Java Servlet Container Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an 
unspecified parameter, aka Bug ID CSCud51068." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130430 Cisco Prime Central for Hosted Collaboration Solution ITM Java Servlet Container Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1157" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1178.json b/2013/1xxx/CVE-2013-1178.json index df0eb0b907e..edc2e0b018a 100644 --- a/2013/1xxx/CVE-2013-1178.json +++ b/2013/1xxx/CVE-2013-1178.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130424 Multiple Vulnerabilities in Cisco NX-OS-Based Products", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-nxosmulti" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130424 Multiple Vulnerabilities in Cisco NX-OS-Based Products", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-nxosmulti" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1289.json b/2013/1xxx/CVE-2013-1289.json index d19d71eddc5..c143eca2ef3 100644 --- a/2013/1xxx/CVE-2013-1289.json +++ b/2013/1xxx/CVE-2013-1289.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035" - }, - { - "name" : "TA13-100A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-100A" - }, - { - "name" : "oval:org.mitre.oval:def:16599", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-100A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-100A" + }, + { + "name": "oval:org.mitre.oval:def:16599", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599" + }, + { + "name": "MS13-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1373.json b/2013/1xxx/CVE-2013-1373.json index 9c57a15baf2..9c67dbcc8dc 100644 --- a/2013/1xxx/CVE-2013-1373.json +++ b/2013/1xxx/CVE-2013-1373.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-1373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html" - }, - { - "name" : "RHSA-2013:0254", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0254.html" - }, - { - "name" : "SUSE-SU-2013:0296", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:0295", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html" - }, - { - "name" : "openSUSE-SU-2013:0298", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html" - }, - { - "name" : "TA13-043A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via 
unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0296", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html" + }, + { + "name": "RHSA-2013:0254", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0254.html" + }, + { + "name": "openSUSE-SU-2013:0295", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html" + }, + { + "name": "openSUSE-SU-2013:0298", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html" + }, + { + "name": "TA13-043A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-05.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-05.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1393.json b/2013/1xxx/CVE-2013-1393.json index 98b0fcce73a..7fe599332ef 100644 --- a/2013/1xxx/CVE-2013-1393.json +++ b/2013/1xxx/CVE-2013-1393.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the \"administer curvycorners\" permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130123 CVE-2013-1393", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Jan/218" - }, - { - "name" : "20130123 [Security-news] SA-CONTRIB-2013-008 - CurvyCorners - Cross Site Scripting (XSS) - module unsupported", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Jan/211" - }, - { - "name" : "https://drupal.org/node/1896718", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1896718" - }, - { - "name" : "http://packetstormsecurity.com/files/119766/Drupal-CurvyCorners-6.x-7.x-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/119766/Drupal-CurvyCorners-6.x-7.x-Cross-Site-Scripting.html" - }, - { - "name" : "http://packetstormsecurity.com/files/119814/CurvyCorners-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/119814/CurvyCorners-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.csnc.ch/misc/files/advisories/CVE-2013-1393.txt", - "refsource" : "MISC", - "url" : "http://www.csnc.ch/misc/files/advisories/CVE-2013-1393.txt" - }, - { - "name" : "57526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57526" - }, - { - "name" : "89571", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89571" - }, - { - "name" : "drupal-curvycorners-unspecified-xss(81499)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the \"administer curvycorners\" permission to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/119814/CurvyCorners-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/119814/CurvyCorners-Cross-Site-Scripting.html" + }, + { + "name": "http://packetstormsecurity.com/files/119766/Drupal-CurvyCorners-6.x-7.x-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/119766/Drupal-CurvyCorners-6.x-7.x-Cross-Site-Scripting.html" + }, + { + "name": "20130123 CVE-2013-1393", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Jan/218" + }, + { + "name": "89571", + "refsource": "OSVDB", + "url": "http://osvdb.org/89571" + }, + { + "name": "20130123 [Security-news] SA-CONTRIB-2013-008 - CurvyCorners - Cross Site Scripting (XSS) - module unsupported", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Jan/211" + }, + { + "name": "57526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57526" + }, + { + "name": "drupal-curvycorners-unspecified-xss(81499)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81499" + }, + { + "name": "http://www.csnc.ch/misc/files/advisories/CVE-2013-1393.txt", + "refsource": "MISC", + "url": "http://www.csnc.ch/misc/files/advisories/CVE-2013-1393.txt" + }, + { + "name": "https://drupal.org/node/1896718", + "refsource": "MISC", + "url": "https://drupal.org/node/1896718" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1503.json b/2013/1xxx/CVE-2013-1503.json index c53cf2f0036..cc0f35db0b2 100644 --- a/2013/1xxx/CVE-2013-1503.json +++ b/2013/1xxx/CVE-2013-1503.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Content Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect integrity via unknown 
vectors related to Content Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1557.json b/2013/1xxx/CVE-2013-1557.json index 1456d4cbf5b..da2b2c6d0f9 100644 --- a/2013/1xxx/CVE-2013-1557.json +++ b/2013/1xxx/CVE-2013-1557.json 
@@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"missing security restrictions\" in the LogStream.setDefaultStream method." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", - "refsource" : "MLIST", - "url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" - }, - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/76eb3fb80740", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/76eb3fb80740" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952648", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952648" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645566", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645566" - }, - 
{ - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" - }, - { - "name" : "IV40772", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40772" - }, - { - "name" : "APPLE-SA-2013-04-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02889", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" - }, - { - "name" : "SSRT101252", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" - }, - { - "name" : "HPSBUX02922", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "SSRT101305", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "MDVSA-2013:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" - }, - { - "name" : "MDVSA-2013:161", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" - }, - { - "name" : "RHSA-2013:0752", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html" - }, - { - "name" : "RHSA-2013:0757", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" - }, - { - "name" : "RHSA-2013:0758", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0758.html" - }, - { - "name" : 
"RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "SUSE-SU-2013:0814", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0777", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" - }, - { - "name" : "SUSE-SU-2013:0835", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html" - }, - { - "name" : "SUSE-SU-2013:0871", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html" - }, - { - "name" : "SUSE-SU-2013:0934", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0964", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" - }, - { - "name" : "USN-1806-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1806-1" - }, - { - "name" : "TA13-107A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" - }, - { - "name" : "59170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59170" - }, - { - "name" : "oval:org.mitre.oval:def:16688", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16688" - }, - { - "name" : "oval:org.mitre.oval:def:19294", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19294" - }, - { - "name" : "oval:org.mitre.oval:def:19672", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"missing security restrictions\" in the LogStream.setDefaultStream method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0835", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html" + }, + { + "name": "oval:org.mitre.oval:def:19294", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19294" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", + "refsource": "MLIST", + "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" + }, + { + "name": "SUSE-SU-2013:0871", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html" + }, + { + "name": "RHSA-2013:0758", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/76eb3fb80740", + "refsource": 
"MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/76eb3fb80740" + }, + { + "name": "APPLE-SA-2013-04-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html" + }, + { + "name": "MDVSA-2013:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" + }, + { + "name": "oval:org.mitre.oval:def:19672", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19672" + }, + { + "name": "TA13-107A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A" + }, + { + "name": "IV40772", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40772" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" + }, + { + "name": "SSRT101252", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=952648", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952648" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SSRT101305", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "59170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59170" + }, + { + "name": "RHSA-2013:0757", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html" + 
}, + { + "name": "HPSBUX02922", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21645566", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645566" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" + }, + { + "name": "openSUSE-SU-2013:0777", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" + }, + { + "name": "MDVSA-2013:161", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" + }, + { + "name": "openSUSE-SU-2013:0964", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" + }, + { + "name": "RHSA-2013:0752", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html" + }, + { + "name": "USN-1806-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1806-1" + }, + { + "name": "oval:org.mitre.oval:def:16688", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16688" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "SUSE-SU-2013:0814", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", + "refsource": "CONFIRM", + "url": 
"http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" + }, + { + "name": "SUSE-SU-2013:0934", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html" + }, + { + "name": "HPSBUX02889", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1658.json b/2013/1xxx/CVE-2013-1658.json index 3d9cd633ed8..e0d49856a4c 100644 --- a/2013/1xxx/CVE-2013-1658.json +++ b/2013/1xxx/CVE-2013-1658.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1658", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1658", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4594.json b/2013/4xxx/CVE-2013-4594.json index 10a3468f576..73d5b979045 100644 --- a/2013/4xxx/CVE-2013-4594.json +++ b/2013/4xxx/CVE-2013-4594.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/317" - }, - { - "name" : "https://drupal.org/node/2129373", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2129373" - }, - { - "name" : "https://drupal.org/node/2128345", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2128345" - }, - { - "name" : "55431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55431" + }, + { + "name": "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/317" + }, + { + "name": "https://drupal.org/node/2128345", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2128345" + }, + { + "name": "https://drupal.org/node/2129373", + "refsource": "MISC", + "url": "https://drupal.org/node/2129373" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5234.json b/2013/5xxx/CVE-2013-5234.json index 790645a9f4f..cc63446f9ca 100644 --- a/2013/5xxx/CVE-2013-5234.json +++ b/2013/5xxx/CVE-2013-5234.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5234", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5234", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5340.json b/2013/5xxx/CVE-2013-5340.json index b4ce16371c2..cd3d13b5349 100644 --- a/2013/5xxx/CVE-2013-5340.json +++ b/2013/5xxx/CVE-2013-5340.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5340", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5340", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5446.json b/2013/5xxx/CVE-2013-5446.json index 85451a9a1c3..fd48879e458 100644 --- a/2013/5xxx/CVE-2013-5446.json +++ b/2013/5xxx/CVE-2013-5446.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21653546", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21653546" - }, - { - "name" : "IC93164", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC93164" - }, - { - "name" : "IC96617", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96617" - }, - { - "name" : "webspheredp-xc10-cve20135446-logoff(87910)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The console on 
IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21653546", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21653546" + }, + { + "name": "webspheredp-xc10-cve20135446-logoff(87910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87910" + }, + { + "name": "IC93164", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC93164" + }, + { + "name": "IC96617", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96617" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0324.json b/2017/0xxx/CVE-2017-0324.json index c2abff3973f..d75345e4b15 100644 --- a/2017/0xxx/CVE-2017-0324.json +++ b/2017/0xxx/CVE-2017-0324.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service 
or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0620.json b/2017/0xxx/CVE-2017-0620.json index 417dfeaff0b..6c7d6e09898 100644 --- a/2017/0xxx/CVE-2017-0620.json +++ b/2017/0xxx/CVE-2017-0620.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98193" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000002.json b/2017/1000xxx/CVE-2017-1000002.json index 4594388ba9d..92be703b1cd 100644 --- a/2017/1000xxx/CVE-2017-1000002.json +++ b/2017/1000xxx/CVE-2017-1000002.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000002", - "REQUESTER" : "mattd@bugfuzz.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ATutor", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "ATutor" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000002", + "REQUESTER": "mattd@bugfuzz.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55", - "refsource" : "CONFIRM", - "url" : "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55" - }, - { - "name" : "http://www.atutor.ca/atutor/mantis/view.php?id=5681", - "refsource" : "CONFIRM", - "url" : "http://www.atutor.ca/atutor/mantis/view.php?id=5681" - }, - { - "name" : "99599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99599" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99599" + }, + { + "name": "http://www.atutor.ca/atutor/mantis/view.php?id=5681", + "refsource": "CONFIRM", + "url": "http://www.atutor.ca/atutor/mantis/view.php?id=5681" + }, + { + "name": "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55", + "refsource": "CONFIRM", + "url": "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000089.json b/2017/1000xxx/CVE-2017-1000089.json index c67d3ac3574..b2f10b0e7d1 100644 --- a/2017/1000xxx/CVE-2017-1000089.json +++ b/2017/1000xxx/CVE-2017-1000089.json 
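Review bot: The new side of this hunk overwrites populated `affects` and `problemtype` fields with `n/a`: `"product_name": "ATutor"`, `"version_value": "2.2.1"`, `"vendor_name": "ATutor"` and `"value": "Directory Traversal"` are all dropped, although the unchanged description still names ATutor 2.2.1 and directory traversal. Tooling that matches on the structured fields rather than parsing the free-text description will no longer tie this record to the product or the weakness class. The CVE-2017-1000089 hunk that follows does the same to `Jenkins Pipeline: Build Step Plugin`, `2.5 and earlier` and `Incorrect Access Control`. In both hunks the reset arrives together with the ASSIGNER change to `cve@mitre.org`; if it is a side effect of that rewrite rather than intended, the earlier values should be kept, e.g. `"product_name": "ATutor"` and `"value": "Directory Traversal"`.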
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.310507", - "ID" : "CVE-2017-1000089", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Pipeline: Build Step Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.5 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Pipeline: Build Step Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.310507", + "ID": "CVE-2017-1000089", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-07-10/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-07-10/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-07-10/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-07-10/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12061.json b/2017/12xxx/CVE-2017-12061.json index d1b649e3431..c03842f0b8d 100644 --- a/2017/12xxx/CVE-2017-12061.json +++ b/2017/12xxx/CVE-2017-12061.json 
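Review bot: The `affects` and `problemtype` values in CVE-2017-1000089.json should stay as they were: the new side writes `"product_name": "n/a"`, `"version_value": "n/a"`, `"vendor_name": "n/a"` and a `problemtype` value of `"n/a"`, where the removed lines carried `"Jenkins Pipeline: Build Step Plugin"`, `"2.5 and earlier"` and `"Incorrect Access Control"`. The rest of the hunk only changes `" : "` to `": "`, so this reads as data lost during a formatting pass rather than an intended edit. The CVE-2017-1000002.json hunk above has the same regression (`"ATutor"`, `"2.2.1"` and `"Directory Traversal"` all become `"n/a"`), and both hunks also change `ASSIGNER` from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org`. Any consumer that matches on the structured product and version fields instead of the description text would presumably stop associating these records with the affected software. I would restore `"product_name": "Jenkins Pipeline: Build Step Plugin"`, `"version_value": "2.5 and earlier"` and `"value": "Incorrect Access Control"` here, restore the equivalent values in the ATutor record, and move the assigner change to its own commit if it is deliberate.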
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/08/01/1", - "refsource" : "CONFIRM", - "url" : "http://openwall.com/lists/oss-security/2017/08/01/1" - }, - { - "name" : "http://openwall.com/lists/oss-security/2017/08/01/2", - "refsource" : "CONFIRM", - "url" : "http://openwall.com/lists/oss-security/2017/08/01/2" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5" - }, - { - "name" : "https://mantisbt.org/bugs/view.php?id=23146", - "refsource" : "CONFIRM", - "url" : "https://mantisbt.org/bugs/view.php?id=23146" - }, - { - "name" : "1039030", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. 
Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://openwall.com/lists/oss-security/2017/08/01/1", + "refsource": "CONFIRM", + "url": "http://openwall.com/lists/oss-security/2017/08/01/1" + }, + { + "name": "https://mantisbt.org/bugs/view.php?id=23146", + "refsource": "CONFIRM", + "url": "https://mantisbt.org/bugs/view.php?id=23146" + }, + { + "name": "1039030", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039030" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/08/01/2", + "refsource": "CONFIRM", + "url": "http://openwall.com/lists/oss-security/2017/08/01/2" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12310.json b/2017/12xxx/CVE-2017-12310.json index faa65a24b7f..590bc61cc4f 100644 --- a/2017/12xxx/CVE-2017-12310.json +++ b/2017/12xxx/CVE-2017-12310.json 
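Review bot: The rewritten CVE-2017-12061.json no longer ends with a newline: the closing `+}` is followed by `\ No newline at end of file`, while the removed `-}` had no such marker. Every other file section visible in this diff carries the same marker, so the serializer that produced them appears to omit the final line feed. Writing a trailing `\n` after the closing `}` keeps the files POSIX-clean and avoids a spurious last-line change the next time a tool that does emit the newline touches them.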
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Spark Hybrid Calendar Service", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Spark Hybrid Calendar Service" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Spark Hybrid Calendar Service", + "version": { + "version_data": [ + { + "version_value": "Cisco Spark Hybrid Calendar Service" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16010.json b/2017/16xxx/CVE-2017-16010.json index a77cc2926e4..b65515d76a4 100644 --- a/2017/16xxx/CVE-2017-16010.json +++ b/2017/16xxx/CVE-2017-16010.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "i18next node module", - "version" : { - "version_data" : [ - { - "version_value" : ">=2.0.0 <=3.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Generic (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "i18next node module", + "version": { + "version_data": [ + { + "version_value": ">=2.0.0 <=3.4.3" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/i18next/i18next/pull/826", - "refsource" : "MISC", - "url" : "https://github.com/i18next/i18next/pull/826" - }, - { - "name" : "https://nodesecurity.io/advisories/326", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/i18next/i18next/pull/826", + "refsource": "MISC", + "url": "https://github.com/i18next/i18next/pull/826" + }, + { + "name": "https://nodesecurity.io/advisories/326", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/326" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16432.json b/2017/16xxx/CVE-2017-16432.json index 813c1ae4e51..d7c463aec05 100644 --- a/2017/16xxx/CVE-2017-16432.json +++ b/2017/16xxx/CVE-2017-16432.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16432", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16432", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4723.json b/2017/4xxx/CVE-2017-4723.json index 603c8123108..d0f80072fb7 100644 --- a/2017/4xxx/CVE-2017-4723.json +++ b/2017/4xxx/CVE-2017-4723.json 
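Review bot: The key order in this REJECT record is inconsistent with the other files in the same commit: the new side emits `"data_type"`, `"data_format"`, `"data_version"` before `"CVE_data_meta"` and puts `"ID"` ahead of `"ASSIGNER"`, whereas the PUBLIC records and the RESERVED record for CVE-2018-18275 keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"` in that order. The hunks for CVE-2017-4723, CVE-2017-4766 and CVE-2017-4869 follow the same reordered layout. Parsers do not care about key order, but a second layout in a formatting-only change makes it harder to confirm that no value changed. I would emit these records in the same order as the rest, starting with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`.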
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4723", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4723", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4766.json b/2017/4xxx/CVE-2017-4766.json index 49a63be70d7..2f6a1312396 100644 --- a/2017/4xxx/CVE-2017-4766.json +++ b/2017/4xxx/CVE-2017-4766.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4766", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4766", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4869.json b/2017/4xxx/CVE-2017-4869.json index 07618e15213..2d2d9302818 100644 --- a/2017/4xxx/CVE-2017-4869.json +++ b/2017/4xxx/CVE-2017-4869.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4869", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4869", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4912.json b/2017/4xxx/CVE-2017-4912.json index 830e4e9100f..9c8eea259a4 100644 --- a/2017/4xxx/CVE-2017-4912.json +++ b/2017/4xxx/CVE-2017-4912.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "ID" : "CVE-2017-4912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Workstation", - "version" : { - "version_data" : [ - { - "version_value" : "12.x prior to 12.5.3" - } - ] - } - }, - { - "product_name" : "Horizon View Client for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "4.x prior to 4.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read issues via Cortado ThinPrint" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "ID": "CVE-2017-4912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Workstation", + "version": { + "version_data": [ + { + "version_value": "12.x prior to 12.5.3" + } + ] + } + }, + { + "product_name": "Horizon View Client for Windows", + "version": { + "version_data": [ + { + "version_value": "4.x prior to 4.4.0" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2017-0008.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" - }, - { - "name" : "97921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97921" - }, - { - "name" : "1038280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038280" - }, - { - "name" : "1038281", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. 
This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read issues via Cortado ThinPrint" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038281", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038281" + }, + { + "name": "97921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97921" + }, + { + "name": "1038280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038280" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18275.json b/2018/18xxx/CVE-2018-18275.json index b3e2e5ca3de..1082af2748e 100644 --- a/2018/18xxx/CVE-2018-18275.json +++ b/2018/18xxx/CVE-2018-18275.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18275", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18275", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18926.json b/2018/18xxx/CVE-2018-18926.json index f0d136e3621..9f8984abcd9 100644 --- a/2018/18xxx/CVE-2018-18926.json +++ b/2018/18xxx/CVE-2018-18926.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/go-gitea/gitea/issues/5140", - "refsource" : "MISC", - "url" : "https://github.com/go-gitea/gitea/issues/5140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/go-gitea/gitea/issues/5140", + "refsource": "MISC", + "url": "https://github.com/go-gitea/gitea/issues/5140" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5301.json b/2018/5xxx/CVE-2018-5301.json index abfef117868..d70d645e9e8 100644 --- a/2018/5xxx/CVE-2018-5301.json +++ b/2018/5xxx/CVE-2018-5301.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://magento.com/security/patches/magento-2010-and-212-security-update", - "refsource" : "CONFIRM", - "url" : "https://magento.com/security/patches/magento-2010-and-212-security-update" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://magento.com/security/patches/magento-2010-and-212-security-update", + "refsource": "CONFIRM", + "url": "https://magento.com/security/patches/magento-2010-and-212-security-update" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5400.json b/2018/5xxx/CVE-2018-5400.json index 2350945a50f..5eb1934e79d 100644 --- a/2018/5xxx/CVE-2018-5400.json +++ b/2018/5xxx/CVE-2018-5400.json 
@@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "DATE_PUBLIC" : "2018-10-01T04:00:00.000Z", - "ID" : "CVE-2018-5400", - "STATE" : "PUBLIC", - "TITLE" : "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DCU-210E ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "ARMv7", - "version_name" : "3.7", - "version_value" : "3.7" - } - ] - } - }, - { - "product_name" : "RP-210E", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "ARMv7", - "version_name" : "3.7", - "version_value" : "3.7" - } - ] - } - }, - { - "product_name" : "Marine Pro Observer Android App", - "version" : { - "version_data" : [ - { - "affected" : "?", - "platform" : "android", - "version_value" : "0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Auto-Maskin" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. 
Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 9.1, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-346: Origin Validation Error" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2018-10-01T04:00:00.000Z", + "ID": "CVE-2018-5400", + "STATE": "PUBLIC", + "TITLE": "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DCU-210E ", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "ARMv7", + "version_name": "3.7", + "version_value": "3.7" + } + ] + } + }, + { + "product_name": "RP-210E", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "ARMv7", + "version_name": "3.7", + "version_value": "3.7" + } + ] + } + }, + { + "product_name": "Marine Pro Observer Android App", + "version": { + "version_data": [ + { + "affected": "?", + "platform": "android", + "version_value": "0.1" + } + ] + } + } + 
] + }, + "vendor_name": "Auto-Maskin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#176301", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/176301" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The devices should implement Modbus TCP Security Protocol (v21, 2018) per Modbus specifications over port 802 TCP, for Modbus TCP with encryption and authentication. \n" - } - ], - "source" : { - "discovery" : "EXTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-346: Origin Validation Error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#176301", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/176301" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The devices should implement Modbus TCP Security Protocol (v21, 2018) per Modbus specifications over port 802 TCP, for Modbus TCP with encryption and authentication. \n" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5777.json b/2018/5xxx/CVE-2018-5777.json index 2ddfdc23fdd..cd252adb4a7 100644 --- a/2018/5xxx/CVE-2018-5777.json +++ b/2018/5xxx/CVE-2018-5777.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4", - "refsource" : "CONFIRM", - "url" : "https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4", + "refsource": "CONFIRM", + "url": "https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4" + } + ] + } +} \ No newline at end of file