diff --git a/2001/0xxx/CVE-2001-0156.json b/2001/0xxx/CVE-2001-0156.json index 1282ab2ddaf..d54537a88f0 100644 --- a/2001/0xxx/CVE-2001-0156.json +++ b/2001/0xxx/CVE-2001-0156.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A021601-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2001/a021601-1.txt" - }, - { - "name" : "http://www.vandyke.com/products/vshell/security102.html", - "refsource" : "CONFIRM", - "url" : "http://www.vandyke.com/products/vshell/security102.html" - }, - { - "name" : "vshell-port-forwarding-rule(6148)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6148" - }, - { - "name" : "2402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vshell-port-forwarding-rule(6148)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6148" + }, + { + "name": "A021601-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2001/a021601-1.txt" + }, + { + "name": "2402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2402" + }, + { + "name": "http://www.vandyke.com/products/vshell/security102.html", + "refsource": "CONFIRM", + "url": "http://www.vandyke.com/products/vshell/security102.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0359.json b/2001/0xxx/CVE-2001-0359.json index 361af3052f2..5d1a1bc9a1c 100644 --- a/2001/0xxx/CVE-2001-0359.json +++ b/2001/0xxx/CVE-2001-0359.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010309 Advisory: Half-life server buffer overflows and formatting vulnerabilities ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0111.html" - }, - { - "name" : "halflife-map-format-string(6220)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "halflife-map-format-string(6220)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6220" + }, + { + "refsource": "BUGTRAQ", + "name": "20010309 Advisory: Half-life server buffer overflows and formatting vulnerabilities", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0111.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0385.json b/2001/0xxx/CVE-2001-0385.json index 1ad77324bc5..8f009eacdc2 100644 --- a/2001/0xxx/CVE-2001-0385.json +++ b/2001/0xxx/CVE-2001-0385.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010417 Advisory for GoAhead Webserver v2.1", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0281.html" - }, - { - "name" : "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539", - "refsource" : "CONFIRM", - "url" : "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539" - }, - { - "name" : "2607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2607" - }, - { - "name" : "6664", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6664" - }, - { - "name" : "81099", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81099" - }, - { - "name" : "goahead-aux-dos(6400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "81099", + "refsource": "OSVDB", + "url": "http://osvdb.org/81099" + }, + { + "name": "20010417 Advisory for GoAhead Webserver v2.1", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0281.html" + }, + { + "name": "goahead-aux-dos(6400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6400" + }, + { + "name": "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539", + "refsource": "CONFIRM", + "url": "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539" + }, + { + "name": "2607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2607" + }, + { + "name": "6664", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6664" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1016.json b/2001/1xxx/CVE-2001-1016.json index f3eb4ee9c1e..16408e6a7b9 100644 --- a/2001/1xxx/CVE-2001-1016.json +++ b/2001/1xxx/CVE-2001-1016.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the \"PGPsdk Key Validity Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010904 PGPsdk Key Validity Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/211806" - }, - { - "name" : "http://www.pgp.com/support/product-advisories/pgpsdk.asp", - "refsource" : "CONFIRM", - "url" : "http://www.pgp.com/support/product-advisories/pgpsdk.asp" - }, - { - "name" : "3280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3280" - }, - { - "name" : "pgp-invalid-key-display(7081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7081" - }, - { - "name" : "1946", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the \"PGPsdk Key Validity Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010904 PGPsdk Key Validity Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/211806" + }, + { + "name": "http://www.pgp.com/support/product-advisories/pgpsdk.asp", + "refsource": "CONFIRM", + "url": "http://www.pgp.com/support/product-advisories/pgpsdk.asp" + }, + { + "name": "3280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3280" + }, + { + "name": "pgp-invalid-key-display(7081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7081" + }, + { + "name": "1946", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1946" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1147.json b/2001/1xxx/CVE-2001-1147.json index 00a37c23fdb..56731e1b11a 100644 --- a/2001/1xxx/CVE-2001-1147.json +++ b/2001/1xxx/CVE-2001-1147.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011008 pam_limits.so Bug!!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/219175" - }, - { - "name" : "RHSA-2001:132", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-132.html" - }, - { - "name" : "MDKSA-2001:084", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3" - }, - { - "name" : "SuSE-SA:2001:034", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html" - }, - { - "name" : "M-009", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-009.shtml" - }, - { - "name" : "3415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3415" - }, - { - "name" : "utillinux-pamlimits-gain-privileges(7266)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7266.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "utillinux-pamlimits-gain-privileges(7266)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7266.php" + }, + { + "name": "M-009", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml" + }, + { + "name": "RHSA-2001:132", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html" + }, + { + "name": "SuSE-SA:2001:034", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html" + }, + { + "name": "3415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3415" + }, + { + "name": "20011008 pam_limits.so Bug!!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/219175" + }, + { + "name": "MDKSA-2001:084", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1211.json b/2001/1xxx/CVE-2001-1211.json index c8b0d39e1d0..2a8ddd9b99f 100644 --- a/2001/1xxx/CVE-2001-1211.json +++ b/2001/1xxx/CVE-2001-1211.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011231 IMail Web Service User Aliases / Mailing Lists Admin Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/247786" - }, - { - "name" : "http://support.ipswitch.com/kb/IM-20020301-DM02.htm", - "refsource" : "MISC", - "url" : "http://support.ipswitch.com/kb/IM-20020301-DM02.htm" - }, - { - "name" : "http://support.ipswitch.com/kb/IM-20011219-DM01.htm", - "refsource" : "MISC", - "url" : "http://support.ipswitch.com/kb/IM-20011219-DM01.htm" - }, - { - "name" : "3766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3766" - }, - { - "name" : "imail-admin-domain-change(7752)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7752.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.ipswitch.com/kb/IM-20011219-DM01.htm", + "refsource": "MISC", + "url": "http://support.ipswitch.com/kb/IM-20011219-DM01.htm" + }, + { + "name": "3766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3766" + }, + { + "name": "http://support.ipswitch.com/kb/IM-20020301-DM02.htm", + "refsource": "MISC", + "url": "http://support.ipswitch.com/kb/IM-20020301-DM02.htm" + }, + { + "name": "imail-admin-domain-change(7752)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7752.php" + }, + { + "name": "20011231 IMail Web Service User Aliases / Mailing Lists Admin Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/247786" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2424.json b/2006/2xxx/CVE-2006-2424.json index 11d82096599..eb1b11961bf 100644 --- a/2006/2xxx/CVE-2006-2424.json +++ b/2006/2xxx/CVE-2006-2424.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1795", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1795" - }, - { - "name" : "http://www.ezusermanager.com/security.php", - "refsource" : "CONFIRM", - "url" : "http://www.ezusermanager.com/security.php" - }, - { - "name" : "17998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17998" - }, - { - "name" : "ADV-2006-1826", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1826" - }, - { - "name" : "25540", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25540" - }, - { - "name" : "20103", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20103" - }, - { - "name" : "ezusermanager-coreinc-file-include(26470)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ezusermanager.com/security.php", + "refsource": "CONFIRM", + "url": "http://www.ezusermanager.com/security.php" + }, + { + "name": "1795", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1795" + }, + { + "name": "ezusermanager-coreinc-file-include(26470)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26470" + }, + { + "name": "17998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17998" + }, + { + "name": "25540", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25540" + }, + { + "name": "20103", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20103" + }, + { + "name": "ADV-2006-1826", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1826" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2592.json b/2006/2xxx/CVE-2006-2592.json index d776709120a..45e405f7fc8 100644 --- a/2006/2xxx/CVE-2006-2592.json +++ b/2006/2xxx/CVE-2006-2592.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-1961", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1961" - }, - { - "name" : "25735", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25735" - }, - { - "name" : "20258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20258" - }, - { - "name" : "dschat-nickname-file-include(26642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20258" + }, + { + "name": "dschat-nickname-file-include(26642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26642" + }, + { + "name": "ADV-2006-1961", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1961" + }, + { + "name": "25735", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25735" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1433.json b/2008/1xxx/CVE-2008-1433.json index 826d4691cc3..c6c6dca284e 100644 --- a/2008/1xxx/CVE-2008-1433.json +++ b/2008/1xxx/CVE-2008-1433.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1433", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-1433", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5046.json b/2008/5xxx/CVE-2008-5046.json index 53e994b3da0..6e799b9fdee 100644 --- a/2008/5xxx/CVE-2008-5046.json +++ b/2008/5xxx/CVE-2008-5046.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7030", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7030" - }, - { - "name" : "32165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32165" - }, - { - "name" : "32613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32613" - }, - { - "name" : "4589", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4589" - }, - { - "name" : "pizzascript-index-sql-injection(46416)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32165" + }, + { + "name": "7030", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7030" + }, + { + "name": "4589", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4589" + }, + { + "name": "32613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32613" + }, + { + "name": "pizzascript-index-sql-injection(46416)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46416" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5224.json b/2008/5xxx/CVE-2008-5224.json index 9cdc897a1dd..15159ffcab2 100644 --- a/2008/5xxx/CVE-2008-5224.json +++ b/2008/5xxx/CVE-2008-5224.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#43906021", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN43906021/index.html" - }, - { - "name" : "http://www.kent-web.com/cart/mart.html", - "refsource" : "CONFIRM", - "url" : "http://www.kent-web.com/cart/mart.html" - }, - { - "name" : "29436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29436" - }, - { - "name" : "30444", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30444" - }, - { - "name" : "kentwebmart-unspecified-xss(42743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29436" + }, + { + "name": "JVN#43906021", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN43906021/index.html" + }, + { + "name": "30444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30444" + }, + { + "name": "kentwebmart-unspecified-xss(42743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42743" + }, + { + "name": "http://www.kent-web.com/cart/mart.html", + "refsource": "CONFIRM", + "url": "http://www.kent-web.com/cart/mart.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5631.json b/2008/5xxx/CVE-2008-5631.json index 99b5f98138a..55014fefc75 100644 --- a/2008/5xxx/CVE-2008-5631.json +++ b/2008/5xxx/CVE-2008-5631.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7279", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7279" - }, - { - "name" : "32927", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32927" - }, - { - "name" : "ewebquiz-start-sql-injection(46910)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ewebquiz-start-sql-injection(46910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46910" + }, + { + "name": "7279", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7279" + }, + { + "name": "32927", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32927" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2031.json b/2011/2xxx/CVE-2011-2031.json index 157911f5ef6..e984a76e143 100644 --- a/2011/2xxx/CVE-2011-2031.json +++ b/2011/2xxx/CVE-2011-2031.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2031", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2031", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2458.json b/2011/2xxx/CVE-2011-2458.json index 62378956511..a6d404108a1 100644 --- a/2011/2xxx/CVE-2011-2458.json +++ b/2011/2xxx/CVE-2011-2458.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html" - }, - { - "name" : "GLSA-201204-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-07.xml" - }, - { - "name" : "SUSE-SA:2011:043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html" - }, - { - "name" : "SUSE-SU-2011:1244", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html" - }, - { - "name" : "openSUSE-SU-2011:1240", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html" - }, - { - "name" : "oval:org.mitre.oval:def:14014", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14014" - }, - { - "name" : "oval:org.mitre.oval:def:16179", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16179" - }, - { - "name" : "48819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2011:1240", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html" + }, + { + "name": "oval:org.mitre.oval:def:14014", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14014" + }, + { + "name": "SUSE-SA:2011:043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html" + }, + { + "name": "SUSE-SU-2011:1244", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html" + }, + { + "name": "GLSA-201204-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-07.xml" + }, + { + "name": "48819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48819" + }, + { + "name": "oval:org.mitre.oval:def:16179", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16179" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-28.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2483.json b/2011/2xxx/CVE-2011-2483.json index f1fbef8c65e..a386dd5dbdf 100644 --- a/2011/2xxx/CVE-2011-2483.json +++ b/2011/2xxx/CVE-2011-2483.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/crypt_blowfish", - "refsource" : "MISC", - "url" : "http://freshmeat.net/projects/crypt_blowfish" - }, - { - "name" : "http://php.net/security/crypt_blowfish", - "refsource" : "CONFIRM", - "url" : "http://php.net/security/crypt_blowfish" - }, - { - "name" : "http://www.openwall.com/crypt/", - "refsource" : "CONFIRM", - "url" : "http://www.openwall.com/crypt/" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php#5.3.7", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php#5.3.7" - }, - { - "name" : "http://www.php.net/archive/2011.php#id2011-08-18-1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2011.php#id2011-08-18-1" - }, - { - "name" : "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "DSA-2340", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2340" - }, - { - "name" : "DSA-2399", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2399" - }, - { - "name" : "MDVSA-2011:180", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:180" - }, - { - "name" : "MDVSA-2011:165", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165" - }, - { - "name" : "MDVSA-2011:178", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178" - }, - { - "name" : "MDVSA-2011:179", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179" - }, - { - "name" : "RHSA-2011:1377", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1377.html" - }, - { - "name" : "RHSA-2011:1378", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1378.html" - }, - { - "name" : "RHSA-2011:1423", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1423.html" - }, - { - "name" : "SUSE-SA:2011:035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html" - }, - { - "name" : "USN-1229-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1229-1" - }, - { - "name" : "49241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49241" - }, - { - "name" : "php-cryptblowfish-info-disclosure(69319)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openwall.com/crypt/", + "refsource": "CONFIRM", + "url": "http://www.openwall.com/crypt/" + }, + { + "name": "MDVSA-2011:180", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:180" + }, + { + "name": "php-cryptblowfish-info-disclosure(69319)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69319" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "http://php.net/security/crypt_blowfish", + "refsource": "CONFIRM", + "url": "http://php.net/security/crypt_blowfish" + }, + { + "name": "49241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49241" + }, + { + "name": "MDVSA-2011:165", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165" + }, + { + "name": "DSA-2399", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2399" + }, + { + "name": "DSA-2340", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2340" + }, + { + "name": "RHSA-2011:1378", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1378.html" + }, + { + "name": "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "SUSE-SA:2011:035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html" + }, + { + "name": "MDVSA-2011:178", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178" + }, + { + "name": "RHSA-2011:1377", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1377.html" + }, + { + "name": "RHSA-2011:1423", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html" + }, + { + "name": "http://www.php.net/ChangeLog-5.php#5.3.7", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php#5.3.7" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "http://www.php.net/archive/2011.php#id2011-08-18-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2011.php#id2011-08-18-1" + }, + { + "name": "MDVSA-2011:179", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179" + }, + { + "name": "http://freshmeat.net/projects/crypt_blowfish", + "refsource": "MISC", + "url": "http://freshmeat.net/projects/crypt_blowfish" + }, + { + "name": "USN-1229-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1229-1" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2741.json b/2011/2xxx/CVE-2011-2741.json index e0b0bf95b1f..937c6c2a0c2 100644 --- a/2011/2xxx/CVE-2011-2741.json +++ b/2011/2xxx/CVE-2011-2741.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified \"data elements.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2011-2741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111212 ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520850" - }, - { - "name" : "1026420", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified \"data elements.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026420", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026420" + }, + { + "name": "20111212 ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520850" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3452.json b/2011/3xxx/CVE-2011-3452.json index 2edf0cbde42..7cd3e592a73 100644 --- a/2011/3xxx/CVE-2011-3452.json +++ b/2011/3xxx/CVE-2011-3452.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3495.json b/2011/3xxx/CVE-2011-3495.json index a6456d7686e..bdb59733a55 100644 --- a/2011/3xxx/CVE-2011-3495.json +++ b/2011/3xxx/CVE-2011-3495.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/scadapro_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/scadapro_1-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf" - }, - { - "name" : "8382", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8382", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8382" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf" + }, + { + "name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3656.json b/2011/3xxx/CVE-2011-3656.json index b081ae1fba5..76601eac5ba 100644 --- a/2011/3xxx/CVE-2011-3656.json +++ b/2011/3xxx/CVE-2011-3656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3656", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3656", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0672.json b/2013/0xxx/CVE-2013-0672.json index 37bc8c560ae..ab843ed51ac 100644 --- a/2013/0xxx/CVE-2013-0672.json +++ b/2013/0xxx/CVE-2013-0672.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-0672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf" + }, + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0676.json b/2013/0xxx/CVE-2013-0676.json index c34dd23eff7..cd783a7e33d 100644 --- a/2013/0xxx/CVE-2013-0676.json +++ b/2013/0xxx/CVE-2013-0676.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-0676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf" + }, + { + "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0712.json b/2013/0xxx/CVE-2013-0712.json index 6e634c8871e..da5402324f3 100644 --- a/2013/0xxx/CVE-2013-0712.json +++ b/2013/0xxx/CVE-2013-0712.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-0712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN01611135/995359/index.html", - "refsource" : "MISC", - "url" : "http://jvn.jp/en/jp/JVN01611135/995359/index.html" - }, - { - "name" : "JVN#01611135", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN01611135/index.html" - }, - { - "name" : "JVNDB-2013-000019", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#01611135", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN01611135/index.html" + }, + { + "name": "http://jvn.jp/en/jp/JVN01611135/995359/index.html", + "refsource": "MISC", + "url": "http://jvn.jp/en/jp/JVN01611135/995359/index.html" + }, + { + "name": "JVNDB-2013-000019", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000019" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0778.json b/2013/0xxx/CVE-2013-0778.json index 0f020834ac6..4dd352146bb 100644 --- a/2013/0xxx/CVE-2013-0778.json +++ b/2013/0xxx/CVE-2013-0778.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798867", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798867" - }, - { - "name" : "openSUSE-SU-2013:0323", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" - }, - { - "name" : "openSUSE-SU-2013:0324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" - }, - { - "name" : "USN-1729-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1729-1" - }, - { - "name" : "USN-1729-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1729-2" - }, - { - "name" : "USN-1748-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1748-1" - }, - { - "name" : "oval:org.mitre.oval:def:16619", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1729-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1729-1" + }, + { + "name": "USN-1729-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1729-2" + }, + { + "name": "USN-1748-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1748-1" + }, + { + "name": "openSUSE-SU-2013:0324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" + }, + { + "name": "oval:org.mitre.oval:def:16619", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16619" + }, + { + "name": "openSUSE-SU-2013:0323", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=798867", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=798867" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0782.json b/2013/0xxx/CVE-2013-0782.json index f1b85aaee39..8086ce3c8da 100644 --- a/2013/0xxx/CVE-2013-0782.json +++ b/2013/0xxx/CVE-2013-0782.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=827070", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=827070" - }, - { - "name" : "DSA-2699", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2699" - }, - { - "name" : "RHSA-2013:0271", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0271.html" - }, - { - "name" : "RHSA-2013:0272", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0272.html" - }, - { - "name" : "openSUSE-SU-2013:0323", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" - }, - { - "name" : "openSUSE-SU-2013:0324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" - }, - { - "name" : "USN-1729-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1729-1" - }, - { - "name" : "USN-1729-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1729-2" - }, - { - "name" : "USN-1748-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1748-1" - }, - { - "name" : "oval:org.mitre.oval:def:16906", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2699", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2699" + }, + { + "name": "USN-1729-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1729-1" + }, + { + "name": "oval:org.mitre.oval:def:16906", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16906" + }, + { + "name": "USN-1729-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1729-2" + }, + { + "name": "USN-1748-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1748-1" + }, + { + "name": "openSUSE-SU-2013:0324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" + }, + { + "name": "RHSA-2013:0271", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0271.html" + }, + { + "name": "RHSA-2013:0272", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0272.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" + }, + { + "name": "openSUSE-SU-2013:0323", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=827070", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=827070" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1228.json b/2013/1xxx/CVE-2013-1228.json index ba40e8f7fe2..b37c279254b 100644 --- a/2013/1xxx/CVE-2013-1228.json +++ b/2013/1xxx/CVE-2013-1228.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130905 Cisco Jabber for Windows Certificate Validation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130905 Cisco Jabber for Windows Certificate Validation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1228" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1919.json b/2013/1xxx/CVE-2013-1919.json index a58978a090c..46dbb27b467 100644 --- a/2013/1xxx/CVE-2013-1919.json +++ b/2013/1xxx/CVE-2013-1919.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to \"passed-through IRQs or PCI devices.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130418 Xen Security Advisory 46 (CVE-2013-1919) - Several access permission issues with IRQs for unprivileged guests", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/18/6" - }, - { - "name" : "DSA-2662", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2662" - }, - { - "name" : "FEDORA-2013-6641", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104538.html" - }, - { - "name" : "FEDORA-2013-6723", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "openSUSE-SU-2013:0912", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html" - }, - { - "name" : "SUSE-SU-2014:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" - }, - { - "name" : "59292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59292" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to \"passed-through IRQs or PCI devices.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "openSUSE-SU-2013:0912", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html" + }, + { + "name": "DSA-2662", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2662" + }, + { + "name": "SUSE-SU-2014:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + }, + { + "name": "FEDORA-2013-6723", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html" + }, + { + "name": "[oss-security] 20130418 Xen Security Advisory 46 (CVE-2013-1919) - Several access permission issues with IRQs for unprivileged guests", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/18/6" + }, + { + "name": "59292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59292" + }, + { + "name": "FEDORA-2013-6641", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104538.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1973.json b/2013/1xxx/CVE-2013-1973.json index 8a7e584c71f..c0dda7801e4 100644 --- a/2013/1xxx/CVE-2013-1973.json +++ b/2013/1xxx/CVE-2013-1973.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/node/1972976", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1972976" - }, - { - "name" : "https://drupal.org/node/1971848", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1971848" - }, - { - "name" : "https://drupal.org/node/1971856", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1971856" - }, - { - "name" : "92532", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92532" - }, - { - "name" : "52996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52996" + }, + { + "name": "https://drupal.org/node/1971848", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1971848" + }, + { + "name": "92532", + "refsource": "OSVDB", + "url": "http://osvdb.org/92532" + }, + { + "name": "https://drupal.org/node/1972976", + "refsource": "MISC", + "url": "https://drupal.org/node/1972976" + }, + { + "name": "https://drupal.org/node/1971856", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1971856" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4393.json b/2013/4xxx/CVE-2013-4393.json index 5021df23c95..c350bd72bde 100644 --- a/2013/4xxx/CVE-2013-4393.json +++ b/2013/4xxx/CVE-2013-4393.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131001 Re: [CVE request] systemd", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/01/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=859104", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=859104" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357" - }, - { - "name" : "GLSA-201612-34", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-34" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201612-34", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-34" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357" + }, + { + "name": "[oss-security] 20131001 Re: [CVE request] systemd", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/01/9" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=859104", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=859104" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5734.json b/2013/5xxx/CVE-2013-5734.json index 3b639c1541f..a988c2d2f24 100644 --- a/2013/5xxx/CVE-2013-5734.json +++ b/2013/5xxx/CVE-2013-5734.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5734", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5734", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5809.json b/2013/5xxx/CVE-2013-5809.json index b4cdc810969..f1916ccf39d 100644 --- a/2013/5xxx/CVE-2013-5809.json +++ b/2013/5xxx/CVE-2013-5809.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "http://support.apple.com/kb/HT5982", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5982" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1019113", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1019113" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660987", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660987" - }, - { - "name" : "APPLE-SA-2013-10-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02943", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674031212883&w=2" - }, - { - "name" : "HPSBUX02944", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674073720143&w=2" - }, - { - "name" : "RHSA-2013:1440", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" - }, - { - "name" : "RHSA-2013:1447", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1447.html" - }, - { - "name" : "RHSA-2013:1451", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1451.html" - }, - { - "name" : "RHSA-2013:1505", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1505.html" - }, - { - "name" : "RHSA-2013:1507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html" - }, - { - "name" : "RHSA-2013:1508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1508.html" - }, - { - "name" : "RHSA-2013:1509", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1509.html" - }, - { - "name" : "RHSA-2013:1793", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1793.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1666", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" - }, - { - "name" : "SUSE-SU-2013:1677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2013:1663", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" - }, - { - "name" : "USN-2033-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2033-1" - }, - { - "name" : "USN-2089-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2089-1" - }, - { - "name" : "63118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63118" - }, - { - "name" : "oval:org.mitre.oval:def:18504", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18504" - }, - { - "name" : "56249", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56249" - }, - { - "name" : "56338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "RHSA-2013:1447", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html" + }, + { + "name": "RHSA-2013:1440", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" + }, + { + "name": "USN-2033-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2033-1" + }, + { + "name": "USN-2089-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2089-1" + }, + { + "name": "oval:org.mitre.oval:def:18504", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18504" + }, + { + "name": "RHSA-2013:1508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html" + }, + { + "name": "SUSE-SU-2013:1677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660987", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660987" + }, + { + "name": "HPSBUX02944", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2" + }, + { + "name": "RHSA-2013:1505", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" + }, + { + "name": "HPSBUX02943", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2" + }, + { + "name": "63118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63118" + }, + { + "name": "openSUSE-SU-2013:1663", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" + }, + { + "name": "SUSE-SU-2013:1666", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" + }, + { + "name": "RHSA-2013:1793", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html" + }, + { + "name": "RHSA-2013:1509", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1509.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "APPLE-SA-2013-10-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" + }, + { + "name": "RHSA-2013:1507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1019113", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1019113" + }, + { + "name": "56249", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56249" + }, + { + "name": "http://support.apple.com/kb/HT5982", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5982" + }, + { + "name": "56338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56338" + }, + { + "name": "RHSA-2013:1451", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5821.json b/2013/5xxx/CVE-2013-5821.json index 7f5b5592f40..09947d0bcac 100644 --- a/2013/5xxx/CVE-2013-5821.json +++ b/2013/5xxx/CVE-2013-5821.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64856" - }, - { - "name" : "102051", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102051" - }, - { - "name" : "56488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56488" - }, - { - "name" : "oracle-cpujan2014-cve20135821(90361)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102051", + "refsource": "OSVDB", + "url": "http://osvdb.org/102051" + }, + { + "name": "oracle-cpujan2014-cve20135821(90361)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90361" + }, + { + "name": "64856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64856" + }, + { + "name": "56488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56488" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5928.json b/2013/5xxx/CVE-2013-5928.json index 5e46a87833a..296fd544c61 100644 --- a/2013/5xxx/CVE-2013-5928.json +++ b/2013/5xxx/CVE-2013-5928.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5928", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5928", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000122.json b/2017/1000xxx/CVE-2017-1000122.json index fdf54f57163..1587fffcc09 100644 --- a/2017/1000xxx/CVE-2017-1000122.json +++ b/2017/1000xxx/CVE-2017-1000122.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.333826", - "ID" : "CVE-2017-1000122", - "REQUESTER" : "mcatanzaro@igalia.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebKit", - "version" : { - "version_data" : [ - { - "version_value" : "WebKitGTK+ prior to 2.16.3" - } - ] - } - } - ] - }, - "vendor_name" : "WebKit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient input validation" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.333826", + "ID": "CVE-2017-1000122", + "REQUESTER": "mcatanzaro@igalia.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.webkit.org/changeset/217206", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/217206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.webkit.org/changeset/217206", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/217206" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000238.json b/2017/1000xxx/CVE-2017-1000238.json index 923a8ff401a..d39e8f015fc 100644 --- a/2017/1000xxx/CVE-2017-1000238.json +++ b/2017/1000xxx/CVE-2017-1000238.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.467605", - "ID" : "CVE-2017-1000238", - "REQUESTER" : "j.singh@sec-consult.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "InvoicePlane", - "version" : { - "version_data" : [ - { - "version_value" : "1.4.10" - } - ] - } - } - ] - }, - "vendor_name" : "InvoicePlane" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary File Upload" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.467605", + "ID": "CVE-2017-1000238", + "REQUESTER": "j.singh@sec-consult.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12733.json b/2017/12xxx/CVE-2017-12733.json index af7976d8686..833e2111bb3 100644 --- a/2017/12xxx/CVE-2017-12733.json +++ b/2017/12xxx/CVE-2017-12733.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-12733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite", - "version" : { - "version_data" : [ - { - "version_value" : "OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-306" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-12733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite", + "version": { + "version_data": [ + { + "version_value": "OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-04" - }, - { - "name" : "100563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100563" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-04" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12794.json b/2017/12xxx/CVE-2017-12794.json index fb634f2bd73..e00ebbd657f 100644 --- a/2017/12xxx/CVE-2017-12794.json +++ b/2017/12xxx/CVE-2017-12794.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with \"DEBUG = True\" (which makes this page accessible) in your production settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/" - }, - { - "name" : "USN-3559-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3559-1/" - }, - { - "name" : "100643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100643" - }, - { - "name" : "1039264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with \"DEBUG = True\" (which makes this page accessible) in your production settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3559-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3559-1/" + }, + { + "name": "100643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100643" + }, + { + "name": "1039264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039264" + }, + { + "name": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13622.json b/2017/13xxx/CVE-2017-13622.json index 95c29f69d43..a09bbf1f5db 100644 --- a/2017/13xxx/CVE-2017-13622.json +++ b/2017/13xxx/CVE-2017-13622.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13622", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13622", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16003.json b/2017/16xxx/CVE-2017-16003.json index 92b00be985a..fec848fdbb1 100644 --- a/2017/16xxx/CVE-2017-16003.json +++ b/2017/16xxx/CVE-2017-16003.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "windows-build-tools node module", - "version" : { - "version_data" : [ - { - "version_value" : "<1.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "windows-build-tools node module", + "version": { + "version_data": [ + { + "version_value": "<1.0.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/felixrieseberg/windows-build-tools/commit/9835d33e68f2cb5e4d148e954bb3ed0221d98e90", - "refsource" : "MISC", - "url" : "https://github.com/felixrieseberg/windows-build-tools/commit/9835d33e68f2cb5e4d148e954bb3ed0221d98e90" - }, - { - "name" : "https://nodesecurity.io/advisories/304", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/304", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/304" + }, + { + "name": "https://github.com/felixrieseberg/windows-build-tools/commit/9835d33e68f2cb5e4d148e954bb3ed0221d98e90", + "refsource": "MISC", + "url": "https://github.com/felixrieseberg/windows-build-tools/commit/9835d33e68f2cb5e4d148e954bb3ed0221d98e90" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16247.json b/2017/16xxx/CVE-2017-16247.json index 691c75a251a..01635854c23 100644 --- a/2017/16xxx/CVE-2017-16247.json +++ b/2017/16xxx/CVE-2017-16247.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16247", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16247", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16270.json b/2017/16xxx/CVE-2017-16270.json index f6e684948a9..31fed1184d6 100644 --- a/2017/16xxx/CVE-2017-16270.json +++ b/2017/16xxx/CVE-2017-16270.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16270", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16270", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16624.json b/2017/16xxx/CVE-2017-16624.json index d14c787fefb..cc44b0e5972 100644 --- a/2017/16xxx/CVE-2017-16624.json +++ b/2017/16xxx/CVE-2017-16624.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16624", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16624", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4155.json b/2017/4xxx/CVE-2017-4155.json index 11f7e12aa72..6b90d88c568 100644 --- a/2017/4xxx/CVE-2017-4155.json +++ b/2017/4xxx/CVE-2017-4155.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4155", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4155", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4235.json b/2017/4xxx/CVE-2017-4235.json index 1d88bb78b93..755a9ff8ae0 100644 --- a/2017/4xxx/CVE-2017-4235.json +++ b/2017/4xxx/CVE-2017-4235.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4235", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4235", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4395.json b/2017/4xxx/CVE-2017-4395.json index 00a80643c23..fd9fdc9cc12 100644 --- a/2017/4xxx/CVE-2017-4395.json +++ b/2017/4xxx/CVE-2017-4395.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4395", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4395", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4581.json b/2017/4xxx/CVE-2017-4581.json index 7ef80b59bb8..1a65bc07960 100644 --- a/2017/4xxx/CVE-2017-4581.json +++ b/2017/4xxx/CVE-2017-4581.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4581", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4581", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18318.json b/2018/18xxx/CVE-2018-18318.json index 276294c59e5..fd81fe1b3b7 100644 --- a/2018/18xxx/CVE-2018-18318.json +++ b/2018/18xxx/CVE-2018-18318.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/datadancer/HIAFuzz/blob/master/360%20Phone%20N6%20Pro%20Kernel%20Vuln.md", - "refsource" : "MISC", - "url" : "https://github.com/datadancer/HIAFuzz/blob/master/360%20Phone%20N6%20Pro%20Kernel%20Vuln.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/datadancer/HIAFuzz/blob/master/360%20Phone%20N6%20Pro%20Kernel%20Vuln.md", + "refsource": "MISC", + "url": "https://github.com/datadancer/HIAFuzz/blob/master/360%20Phone%20N6%20Pro%20Kernel%20Vuln.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18634.json b/2018/18xxx/CVE-2018-18634.json index 34bcbeb3d3f..c42c5dfef10 100644 --- a/2018/18xxx/CVE-2018-18634.json +++ b/2018/18xxx/CVE-2018-18634.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18634", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18634", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5275.json b/2018/5xxx/CVE-2018-5275.json index b144f2092f3..a3872daea2a 100644 --- a/2018/5xxx/CVE-2018-5275.json +++ b/2018/5xxx/CVE-2018-5275.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020", - "refsource" : "MISC", - "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020", + "refsource": "MISC", + "url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5372.json b/2018/5xxx/CVE-2018-5372.json index 3d67a984894..6ee72d61be5 100644 --- a/2018/5xxx/CVE-2018-5372.json +++ b/2018/5xxx/CVE-2018-5372.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\\sliders.php (current_slider_id parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.defensecode.com/advisories/DC-2018-01-005_WordPress_Testimonial_Slider_Plugin_Advisory.pdf", - "refsource" : "MISC", - "url" : "http://www.defensecode.com/advisories/DC-2018-01-005_WordPress_Testimonial_Slider_Plugin_Advisory.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\\sliders.php (current_slider_id parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.defensecode.com/advisories/DC-2018-01-005_WordPress_Testimonial_Slider_Plugin_Advisory.pdf", + "refsource": "MISC", + "url": "http://www.defensecode.com/advisories/DC-2018-01-005_WordPress_Testimonial_Slider_Plugin_Advisory.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5393.json b/2018/5xxx/CVE-2018-5393.json index 1f2f1f0736f..f5803b10b96 100644 --- a/2018/5xxx/CVE-2018-5393.json +++ b/2018/5xxx/CVE-2018-5393.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2018-5393", - "STATE" : "PUBLIC", - "TITLE" : "TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EAP Controller", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_name" : "2.5.3", - "version_value" : "2.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "TP-LINK" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-306: Missing Authentication for Critical Function" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2018-5393", + "STATE": "PUBLIC", + "TITLE": "TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EAP Controller", + "version": { + "version_data": [ + { + "affected": "<=", + "version_name": "2.5.3", + "version_value": "2.5.3" + } + ] + } + } + ] + }, + "vendor_name": "TP-LINK" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#581311", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/581311" - }, - { - "name" : "105402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105402" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#581311", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/581311" + }, + { + "name": "105402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105402" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5566.json b/2018/5xxx/CVE-2018-5566.json index 5f3c3df91e5..ef654f4c584 100644 --- a/2018/5xxx/CVE-2018-5566.json +++ b/2018/5xxx/CVE-2018-5566.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5566", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5566", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5600.json b/2018/5xxx/CVE-2018-5600.json index 5f6a2ed88d1..6519f421b90 100644 --- a/2018/5xxx/CVE-2018-5600.json +++ b/2018/5xxx/CVE-2018-5600.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5600", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5600", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file