From 8b34dd9ed3f0331b546de208f9f0e89b622f1a9a Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 21:57:27 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2001/0xxx/CVE-2001-0128.json | 180 ++++++++++-----------
2001/0xxx/CVE-2001-0143.json | 150 +++++++++---------
2001/0xxx/CVE-2001-0220.json | 120 +++++++-------
2001/0xxx/CVE-2001-0432.json | 130 +++++++--------
2001/0xxx/CVE-2001-0547.json | 140 ++++++++---------
2001/0xxx/CVE-2001-0931.json | 140 ++++++++---------
2001/1xxx/CVE-2001-1272.json | 140 ++++++++---------
2008/1xxx/CVE-2008-1091.json | 230 +++++++++++++--------------
2008/1xxx/CVE-2008-1513.json | 130 +++++++--------
2008/1xxx/CVE-2008-1939.json | 150 +++++++++---------
2008/5xxx/CVE-2008-5190.json | 170 ++++++++++----------
2008/5xxx/CVE-2008-5205.json | 140 ++++++++---------
2008/5xxx/CVE-2008-5232.json | 160 +++++++++----------
2008/5xxx/CVE-2008-5306.json | 170 ++++++++++----------
2008/5xxx/CVE-2008-5472.json | 34 ++--
2008/5xxx/CVE-2008-5965.json | 160 +++++++++----------
2011/2xxx/CVE-2011-2759.json | 150 +++++++++---------
2013/0xxx/CVE-2013-0076.json | 140 ++++++++---------
2013/0xxx/CVE-2013-0119.json | 34 ++--
2013/0xxx/CVE-2013-0232.json | 180 ++++++++++-----------
2013/0xxx/CVE-2013-0832.json | 150 +++++++++---------
2013/0xxx/CVE-2013-0893.json | 150 +++++++++---------
2013/0xxx/CVE-2013-0929.json | 130 +++++++--------
2013/1xxx/CVE-2013-1592.json | 34 ++--
2013/1xxx/CVE-2013-1808.json | 270 ++++++++++++++++----------------
2013/3xxx/CVE-2013-3066.json | 130 +++++++--------
2013/3xxx/CVE-2013-3138.json | 140 ++++++++---------
2013/3xxx/CVE-2013-3298.json | 34 ++--
2013/3xxx/CVE-2013-3307.json | 34 ++--
2013/3xxx/CVE-2013-3939.json | 34 ++--
2013/4xxx/CVE-2013-4138.json | 140 ++++++++---------
2013/4xxx/CVE-2013-4481.json | 130 +++++++--------
2013/4xxx/CVE-2013-4770.json | 34 ++--
2013/4xxx/CVE-2013-4936.json | 200 ++++++++++++------------
2017/12xxx/CVE-2017-12083.json | 122 +++++++--------
2017/12xxx/CVE-2017-12189.json | 172 ++++++++++----------
2017/12xxx/CVE-2017-12397.json | 34 ++--
2017/12xxx/CVE-2017-12784.json | 120 +++++++-------
2017/13xxx/CVE-2017-13000.json | 200 ++++++++++++------------
2017/13xxx/CVE-2017-13417.json | 34 ++--
2017/13xxx/CVE-2017-13531.json | 34 ++--
2017/13xxx/CVE-2017-13884.json | 180 ++++++++++-----------
2017/16xxx/CVE-2017-16469.json | 34 ++--
2017/16xxx/CVE-2017-16645.json | 200 ++++++++++++------------
2017/16xxx/CVE-2017-16744.json | 132 ++++++++--------
2017/16xxx/CVE-2017-16866.json | 120 +++++++-------
2017/16xxx/CVE-2017-16980.json | 34 ++--
2017/17xxx/CVE-2017-17159.json | 120 +++++++-------
2017/17xxx/CVE-2017-17427.json | 150 +++++++++---------
2017/17xxx/CVE-2017-17602.json | 130 +++++++--------
2018/18xxx/CVE-2018-18005.json | 130 +++++++--------
2018/18xxx/CVE-2018-18119.json | 34 ++--
2018/18xxx/CVE-2018-18344.json | 160 +++++++++----------
2018/18xxx/CVE-2018-18701.json | 120 +++++++-------
2018/19xxx/CVE-2018-19296.json | 150 +++++++++---------
2018/1xxx/CVE-2018-1061.json | 278 ++++++++++++++++-----------------
2018/1xxx/CVE-2018-1106.json | 162 +++++++++----------
2018/1xxx/CVE-2018-1531.json | 34 ++--
2018/1xxx/CVE-2018-1620.json | 34 ++--
2018/5xxx/CVE-2018-5570.json | 34 ++--
2018/5xxx/CVE-2018-5827.json | 132 ++++++++--------
61 files changed, 3771 insertions(+), 3771 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0128.json b/2001/0xxx/CVE-2001-0128.json
index 0e962885d86..709d69c6108 100644
--- a/2001/0xxx/CVE-2001-0128.json
+++ b/2001/0xxx/CVE-2001-0128.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2000-083", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3" - }, - { - "name" : "CLA-2000:365", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365" - }, - { - "name" : "RHSA-2000:127", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-127.html" - }, - { - "name" : "DSA-006-1", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2000/20001219" - }, - { - "name" : "FreeBSD-SA-01:06", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc" - }, - { - "name" : "zope-calculate-roles(5777)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/5777" - }, - { - "name" : "6284", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6284", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6284" + }, + { + "name": "RHSA-2000:127", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-127.html" + }, + { + "name": "zope-calculate-roles(5777)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5777" + }, + { + "name": "MDKSA-2000-083", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3" + }, + { + "name": "FreeBSD-SA-01:06", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc" + }, + { + "name": "CLA-2000:365", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365" + }, + { + "name": "DSA-006-1", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2000/20001219" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0143.json b/2001/0xxx/CVE-2001-0143.json index bd02f0abf95..432420d133d 100644 --- a/2001/0xxx/CVE-2001-0143.json +++ b/2001/0xxx/CVE-2001-0143.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010110 Immunix OS Security update for lots of temp file problems", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97916374410647&w=2" - }, - { - "name" : "MDKSA-2001:011", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-011.php3" - }, - { - "name" : "2186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2186" - }, - { - "name" : "linuxconf-vpop3d-symlink(5923)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary 
files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010110 Immunix OS Security update for lots of temp file problems", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97916374410647&w=2" + }, + { + "name": "linuxconf-vpop3d-symlink(5923)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5923" + }, + { + "name": "MDKSA-2001:011", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-011.php3" + }, + { + "name": "2186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2186" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0220.json b/2001/0xxx/CVE-2001-0220.json index 844a5ca4ca0..c1583f0e6a3 100644 --- a/2001/0xxx/CVE-2001-0220.json +++ b/2001/0xxx/CVE-2001-0220.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-01:21", - "refsource" : "FREEBSD", - "url" : "http://archives.neohapsis.com/archives/freebsd/2001-02/0082.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-01:21", + "refsource": "FREEBSD", + "url": "http://archives.neohapsis.com/archives/freebsd/2001-02/0082.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2001/0xxx/CVE-2001-0432.json b/2001/0xxx/CVE-2001-0432.json index 804b79528aa..56c886bf3be 100644 --- a/2001/0xxx/CVE-2001-0432.json +++ b/2001/0xxx/CVE-2001-0432.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010413 Trend Micro Interscan VirusWall 3.01 vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0218.html" - }, - { - "name" : "2579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2579" + }, + { + "name": "20010413 Trend Micro Interscan VirusWall 3.01 vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0218.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0547.json b/2001/0xxx/CVE-2001-0547.json index ae101dcbef5..7c518988044 100644 --- a/2001/0xxx/CVE-2001-0547.json +++ b/2001/0xxx/CVE-2001-0547.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045" - }, - { - "name" : "isa-proxy-memory-leak-dos(6990)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6990" - }, - { - "name" : "3197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045" + }, + { + "name": "3197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3197" + }, + { + "name": "isa-proxy-memory-leak-dos(6990)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6990" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0931.json b/2001/0xxx/CVE-2001-0931.json index cde588e5413..125c5a776a8 100644 --- a/2001/0xxx/CVE-2001-0931.json +++ b/2001/0xxx/CVE-2001-0931.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011128 PowerFTP-server-Bugs&Exploits-Remotes", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100698397818175&w=2" - }, - { - "name" : "powerftp-dot-directory-traversal(7615)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7615" - }, - { - "name" : "3593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "powerftp-dot-directory-traversal(7615)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7615" + }, + { + "name": "3593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3593" + }, + { + "name": "20011128 PowerFTP-server-Bugs&Exploits-Remotes", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100698397818175&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1272.json b/2001/1xxx/CVE-2001-1272.json index 30160472eb3..93860ed6b44 100644 --- a/2001/1xxx/CVE-2001-1272.json +++ b/2001/1xxx/CVE-2001-1272.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-092", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-092" - }, - { - "name" : "wmtv-execute-commands(7669)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7669.php" - }, - { - "name" : "3658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3658" + }, + { + "name": "DSA-092", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-092" + }, + { + "name": "wmtv-execute-commands(7669)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7669.php" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1091.json b/2008/1xxx/CVE-2008-1091.json index 4059087618d..51464d5d103 100644 --- a/2008/1xxx/CVE-2008-1091.json +++ b/2008/1xxx/CVE-2008-1091.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a \"memory calculation error\" and a heap-based buffer overflow, aka \"Object Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-1091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080513 ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492020/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-023", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-023" - }, - { - "name" : "HPSBST02336", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2" - }, - { - "name" : "SSRT080071", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=121129490723574&w=2" - }, - { - "name" : "MS08-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026" - }, - { - "name" : "TA08-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-134A.html" - }, - { - "name" : "VU#543907", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/543907" - }, - { - "name" : "29104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29104" - }, - { - "name" : "oval:org.mitre.oval:def:5494", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5494" - }, - { - "name" : "ADV-2008-1504", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1504/references" - }, - { - "name" : "1020013", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020013" - }, - { - "name" : "30143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a \"memory calculation error\" and a heap-based buffer overflow, aka \"Object Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080513 ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492020/100/0/threaded" + }, + { + "name": 
"MS08-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026" + }, + { + "name": "29104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29104" + }, + { + "name": "VU#543907", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/543907" + }, + { + "name": "ADV-2008-1504", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1504/references" + }, + { + "name": "oval:org.mitre.oval:def:5494", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5494" + }, + { + "name": "1020013", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020013" + }, + { + "name": "SSRT080071", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2" + }, + { + "name": "30143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30143" + }, + { + "name": "TA08-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-023", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-023" + }, + { + "name": "HPSBST02336", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1513.json b/2008/1xxx/CVE-2008-1513.json index ae1d5398d28..280bd333494 100644 --- a/2008/1xxx/CVE-2008-1513.json +++ b/2008/1xxx/CVE-2008-1513.json 
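Review bot: In the CVE-2008-1091.json hunk the `ASSIGNER` value changes from `cve@mitre.org` to `secure@microsoft.com`, and nothing in the commit subject (`"-Synchronized-Data."`) records that a provenance field was altered. Every other changed line visible in this hunk is key spacing (`"ID" : ` becoming `"ID": `), re-indentation, or a reordering of the same twelve `reference_data` entries, so the one semantic edit is easy to miss inside a 117-line rewrite. I would record it in the commit description, for example `CVE-2008-1091: ASSIGNER cve@mitre.org -> secure@microsoft.com`, or land it separately from the formatting pass. Anyone auditing this sync for changes to `ASSIGNER` or `STATE` should compare the parsed JSON of the old and new sides rather than the text diff.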
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5239", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5239" - }, - { - "name" : "cmsdanneo-index-sql-injection(41153)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5239", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5239" + }, + { + "name": "cmsdanneo-index-sql-injection(41153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41153" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1939.json b/2008/1xxx/CVE-2008-1939.json index 98a57da2516..7db8299d3ff 100644 --- a/2008/1xxx/CVE-2008-1939.json +++ b/2008/1xxx/CVE-2008-1939.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5475", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5475" - }, - { - "name" : "28871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28871" - }, - { - "name" : "ADV-2008-1340", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1340/references" - }, - { - "name" : "philboard-philboardreply-sql-injection(41957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5475", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5475" + }, + { + "name": "28871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28871" + }, + { + "name": "ADV-2008-1340", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1340/references" + }, + { + "name": "philboard-philboardreply-sql-injection(41957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41957" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5190.json b/2008/5xxx/CVE-2008-5190.json index 2e643214d19..4b575c46761 100644 --- a/2008/5xxx/CVE-2008-5190.json +++ b/2008/5xxx/CVE-2008-5190.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5970", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5970" - }, - { - "name" : "30002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30002" - }, - { - "name" : "30712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30712" - }, - { - "name" : "4619", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4619" - }, - { - "name" : "ADV-2008-1971", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1971/references" - }, - { - "name" : "eshop100-index-sql-injection(43452)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1971", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1971/references" + }, + { + "name": "eshop100-index-sql-injection(43452)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43452" + }, + { + "name": "30712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30712" + }, + { + "name": "30002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30002" + }, + { + "name": "5970", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5970" + }, + { + "name": "4619", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4619" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5205.json b/2008/5xxx/CVE-2008-5205.json index cdb3c43495a..cb525daeeb1 100644 --- a/2008/5xxx/CVE-2008-5205.json +++ b/2008/5xxx/CVE-2008-5205.json 
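Review bot: The `reference_data` array for CVE-2008-5190 is written back in a different order (old: EXPLOIT-DB, BID, SECUNIA, SREASON, VUPEN, XF; new: VUPEN, XF, SECUNIA, BID, EXPLOIT-DB, SREASON) with the same six entries, so the serializer's output order is evidently not stable. The same reshuffle appears in the hunks for CVE-2008-5205, CVE-2008-5232, CVE-2008-5306, CVE-2008-5965, CVE-2011-2759, CVE-2013-0232 and CVE-2013-0832, and the CVE-2008-5472 hunk also moves the top-level keys. A consumer that diffs or hashes these records to detect changed advisories will see each of these files as modified although no reference was added or removed. Emitting the entries in a deterministic order, for example sorted by `refsource` and then `name`, would keep a sync commit limited to real content changes.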
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080626 WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493710/100/0/threaded" - }, - { - "name" : "4645", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4645" - }, - { - "name" : "wellyblog-edit-xss(43433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the 
articleid parameter in an add action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4645", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4645" + }, + { + "name": "20080626 WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493710/100/0/threaded" + }, + { + "name": "wellyblog-edit-xss(43433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43433" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5232.json b/2008/5xxx/CVE-2008-5232.json index 23533d1162d..471139e1f6b 100644 --- a/2008/5xxx/CVE-2008-5232.json +++ b/2008/5xxx/CVE-2008-5232.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/30814.html.txt", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/30814.html.txt" - }, - { - "name" : "http://packetstormsecurity.org/0808-exploits/wms-overflow.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0808-exploits/wms-overflow.txt" - }, - { - "name" : "30814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30814" - }, - { - "name" : "1020733", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020733" - }, - { - "name" : "windowsmediaservices-callhtmlhelp-bo(44629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/30814.html.txt", + "refsource": "MISC", + "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/30814.html.txt" + }, + { + "name": "windowsmediaservices-callhtmlhelp-bo(44629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44629" + }, + { + "name": "30814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30814" + }, + { + "name": "http://packetstormsecurity.org/0808-exploits/wms-overflow.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0808-exploits/wms-overflow.txt" + }, + { + "name": "1020733", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020733" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5306.json b/2008/5xxx/CVE-2008-5306.json index c5daa6ee8ac..1b29ba62a00 100644 --- a/2008/5xxx/CVE-2008-5306.json +++ b/2008/5xxx/CVE-2008-5306.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7200", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7200" - }, - { - "name" : "32429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32429" - }, - { - "name" : "ADV-2008-3239", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3239" - }, - { - "name" : "32841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32841" - }, - { - "name" : "4674", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4674" - }, - { - "name" : "realestatesolution-index-sql-injection(46792)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/46792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32841" + }, + { + "name": "realestatesolution-index-sql-injection(46792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46792" + }, + { + "name": "7200", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7200" + }, + { + "name": "32429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32429" + }, + { + "name": "4674", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4674" + }, + { + "name": "ADV-2008-3239", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3239" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5472.json b/2008/5xxx/CVE-2008-5472.json index 9f432aff9b6..4046ec735c0 100644 --- a/2008/5xxx/CVE-2008-5472.json +++ b/2008/5xxx/CVE-2008-5472.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5472", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-5472", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5965.json b/2008/5xxx/CVE-2008-5965.json index be4ad2a0c70..07c6b1f8296 100644 --- a/2008/5xxx/CVE-2008-5965.json +++ b/2008/5xxx/CVE-2008-5965.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6737", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6737" - }, - { - "name" : "31730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31730" - }, - { - "name" : "30472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30472" - }, - { - "name" : "ADV-2008-2798", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2798" - }, - { - "name" : "lokicms-index-directory-traversal(45822)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6737", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6737" + }, + { + "name": "ADV-2008-2798", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2798" + }, + { + "name": "31730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31730" + }, + { + "name": "30472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30472" + }, + { + "name": "lokicms-index-directory-traversal(45822)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45822" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2759.json b/2011/2xxx/CVE-2011-2759.json index df5d116797e..c276082bb97 100644 --- a/2011/2xxx/CVE-2011-2759.json +++ b/2011/2xxx/CVE-2011-2759.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24030320", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24030320" - }, - { - "name" : "IO14165", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO14165" - }, - { - "name" : "ibm-tds-idswebapp-info-disc(68585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68585" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IO14165", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO14165" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24030320", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24030320" + }, + { + "name": "ibm-tds-idswebapp-info-disc(68585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68585" + }, + { + "name": "http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0076.json b/2013/0xxx/CVE-2013-0076.json index 1e093850854..c5dddd8dde3 100644 --- a/2013/0xxx/CVE-2013-0076.json +++ b/2013/0xxx/CVE-2013-0076.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka \"Reference Count Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-019", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-019" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16478", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Client/Server Run-time Subsystem (CSRSS) 
in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka \"Reference Count Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-019", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-019" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + }, + { + "name": "oval:org.mitre.oval:def:16478", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16478" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0119.json b/2013/0xxx/CVE-2013-0119.json index 346df1f0e86..7823621fc36 100644 --- a/2013/0xxx/CVE-2013-0119.json +++ b/2013/0xxx/CVE-2013-0119.json 
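Review bot: The `ASSIGNER` value for CVE-2013-0076 changes from `cve@mitre.org` to `secure@microsoft.com` inside a hunk that otherwise only re-indents the file and removes the space before each colon, and the commit subject does not mention it. The hunks for CVE-2013-0232 (`secalert@redhat.com`) and CVE-2013-0832 (`security@google.com`) do the same. This field names the party that assigned the ID, so a consumer that routes or filters records by assigner is affected by this one line while the rest of the hunk is cosmetic. I would land `"ASSIGNER": "secure@microsoft.com"` and its two siblings in a commit of their own, or name the reassignments in the message; whether the new addresses are the right owners cannot be checked from this page.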
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0232.json b/2013/0xxx/CVE-2013-0232.json index 2543613f385..308b92fc23d 100644 --- a/2013/0xxx/CVE-2013-0232.json +++ b/2013/0xxx/CVE-2013-0232.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24310", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24310" - }, - { - "name" : "[oss-security] 20130128 Re: CVE Request: zoneminder: arbitrary command execution vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/01/28/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910" - }, - { - "name" : "http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/", - "refsource" : "MISC", - 
"url" : "http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/" - }, - { - "name" : "http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771", - "refsource" : "MISC", - "url" : "http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771" - }, - { - "name" : "DSA-2640", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2640" - }, - { - "name" : "89529", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/89529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/", + "refsource": "MISC", + "url": "http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/" + }, + { + "name": "[oss-security] 20130128 Re: CVE Request: zoneminder: arbitrary command execution vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/01/28/2" + }, + { + "name": "http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771", + "refsource": "MISC", + "url": "http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771" + }, + { + "name": "DSA-2640", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2640" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910", + 
"refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910" + }, + { + "name": "24310", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24310" + }, + { + "name": "89529", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/89529" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0832.json b/2013/0xxx/CVE-2013-0832.json index 918da9cd46d..49f6cb9a4e3 100644 --- a/2013/0xxx/CVE-2013-0832.json +++ b/2013/0xxx/CVE-2013-0832.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=160380", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=160380" - }, - { - "name" : "openSUSE-SU-2013:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:16310", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16310" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=160380", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=160380" + }, + { + "name": "openSUSE-SU-2013:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" + }, + { + "name": "oval:org.mitre.oval:def:16310", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16310" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0893.json b/2013/0xxx/CVE-2013-0893.json index 1764b493cc3..21d2ccf5c0c 100644 --- a/2013/0xxx/CVE-2013-0893.json +++ b/2013/0xxx/CVE-2013-0893.json 
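Review bot: The one content change in this hunk, `"ASSIGNER": "security@google.com"` replacing `cve@mitre.org`, is hard to audit because it arrives together with a re-indent, a `" : "` to `": "` key-spacing change and a reordered `reference_data` array that holds the same four entries as before, so every line of the record shows as changed. The new file also ends without a newline (`\ No newline at end of file`). Emitting `reference_data` in a stable order and keeping the final newline would let later syncs show only real changes; until then, anyone tracking assigner or reference changes should compare the parsed records rather than the text. The hunks for CVE-2013-0893, CVE-2013-0929, CVE-2013-1808, CVE-2013-3138, CVE-2013-4138 and CVE-2013-4481 change `ASSIGNER` inside a full reformat in the same way.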
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=168570", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=168570" - }, - { - "name" : "openSUSE-SU-2013:0454", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" - }, - { - "name" : "oval:org.mitre.oval:def:15682", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" + }, + { + "name": "oval:org.mitre.oval:def:15682", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15682" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=168570", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=168570" + }, + { + "name": "openSUSE-SU-2013:0454", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0929.json b/2013/0xxx/CVE-2013-0929.json index cd0496527c9..1f9a5d82c7a 100644 --- a/2013/0xxx/CVE-2013-0929.json +++ b/2013/0xxx/CVE-2013-0929.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-0929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130118 ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0078.html" - }, - { - "name" : "57472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130118 ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0078.html" + }, + { + "name": "57472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57472" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1592.json b/2013/1xxx/CVE-2013-1592.json index b90f7d9ba21..88312df0029 100644 --- a/2013/1xxx/CVE-2013-1592.json +++ b/2013/1xxx/CVE-2013-1592.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1808.json b/2013/1xxx/CVE-2013-1808.json index ac591ea30b5..0f08d98e1c9 100644 --- a/2013/1xxx/CVE-2013-1808.json +++ b/2013/1xxx/CVE-2013-1808.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130218 XSS vulnerabilities in ZeroClipboard", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Feb/103" - }, - { - "name" : "20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Feb/109" - }, - { - "name" : "20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS", - "refsource" : 
"FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Mar/5" - }, - { - "name" : "20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Apr/88" - }, - { - "name" : "20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Apr/87" - }, - { - "name" : "[oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/03/3" - }, - { - "name" : "[oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/10/2" - }, - { - "name" : "[oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/25/1" - }, - { - "name" : "[oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/26/8" - }, - { - "name" : "http://securityvulns.ru/docs29103.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/docs29103.html" - }, - { - "name" : "http://securityvulns.ru/docs29104.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/docs29104.html" - }, - { - "name" : "http://securityvulns.ru/docs29105.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/docs29105.html" - }, - { - "name" : "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108", - "refsource" : "CONFIRM", - "url" : "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108" - }, - { - "name" : 
"https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696", - "refsource" : "CONFIRM", - "url" : "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696" - }, - { - "name" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb", - "refsource" : "CONFIRM", - "url" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb" - }, - { - "name" : "58257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696", + "refsource": "CONFIRM", + "url": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696" + }, + { + "name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb", + "refsource": "CONFIRM", + "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb" + }, + { + "name": "[oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/26/8" + }, + { + "name": "20130218 XSS vulnerabilities in ZeroClipboard", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Feb/103" + }, + { + "name": "20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Feb/109" + }, + { + "name": "http://securityvulns.ru/docs29105.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/docs29105.html" + }, + { + "name": "[oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/03/3" + }, + { + "name": "20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Mar/5" + }, + { + "name": "20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Apr/87" + }, + { + 
"name": "http://securityvulns.ru/docs29103.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/docs29103.html" + }, + { + "name": "http://securityvulns.ru/docs29104.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/docs29104.html" + }, + { + "name": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108", + "refsource": "CONFIRM", + "url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108" + }, + { + "name": "[oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/10/2" + }, + { + "name": "20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Apr/88" + }, + { + "name": "[oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/25/1" + }, + { + "name": "58257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58257" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3066.json b/2013/3xxx/CVE-2013-3066.json index d98c30d205d..9e1b12b3210 100644 --- a/2013/3xxx/CVE-2013-3066.json +++ b/2013/3xxx/CVE-2013-3066.json 
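Review bot: The `description` value on the new side of the CVE-2013-1808 record still reads `NOTE: this is might be the same vulnerability as CVE-2013-1463`, with a stray `is` that this sync carries over unchanged; the sentence should read `NOTE: this might be the same vulnerability as CVE-2013-1463.` The note is also phrased as an open question, so the record itself does not say whether the two identifiers were ever reconciled. Anyone deduplicating findings on these IDs should check the current state of CVE-2013-1463 rather than infer it from this text.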
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", - "refsource" : "MISC", - "url" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" - }, - { - "name" : "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php", - "refsource" : "MISC", - "url" : "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain 
sensitive information (clients and router configuration) via a request to /JNAP/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", + "refsource": "MISC", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" + }, + { + "name": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php", + "refsource": "MISC", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3138.json b/2013/3xxx/CVE-2013-3138.json index bfc8609daec..b7de8deca6b 100644 --- a/2013/3xxx/CVE-2013-3138.json +++ b/2013/3xxx/CVE-2013-3138.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka \"TCP/IP Integer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-049", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-049" - }, - { - "name" : "TA13-168A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-168A" - }, - { - "name" : "oval:org.mitre.oval:def:16943", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka \"TCP/IP Integer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-049", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-049" + }, + { + "name": "TA13-168A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A" + }, + { + "name": "oval:org.mitre.oval:def:16943", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16943" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3298.json b/2013/3xxx/CVE-2013-3298.json index 73757f0f6f5..d3415b48145 100644 --- a/2013/3xxx/CVE-2013-3298.json +++ b/2013/3xxx/CVE-2013-3298.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3298", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3298", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3307.json b/2013/3xxx/CVE-2013-3307.json index 8c8085fd210..4b2a68978bd 100644 --- a/2013/3xxx/CVE-2013-3307.json +++ b/2013/3xxx/CVE-2013-3307.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3307", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3307", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3939.json b/2013/3xxx/CVE-2013-3939.json index 64ef34a8f4e..647f9f59725 100644 --- a/2013/3xxx/CVE-2013-3939.json +++ b/2013/3xxx/CVE-2013-3939.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3939", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3939", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4138.json b/2013/4xxx/CVE-2013-4138.json index 0fdd10cbe71..967a145c82b 100644 --- a/2013/4xxx/CVE-2013-4138.json +++ b/2013/4xxx/CVE-2013-4138.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the \"Administer content,\" \"Create new article,\" or \"Edit any article type content\" permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130717 Re: CVE request for Drupal contrib modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/17/1" - }, - { - "name" : "https://drupal.org/node/2038363", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2038363" - }, - { - "name" : "https://drupal.org/node/2038189", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2038189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability 
in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the \"Administer content,\" \"Create new article,\" or \"Edit any article type content\" permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drupal.org/node/2038363", + "refsource": "MISC", + "url": "https://drupal.org/node/2038363" + }, + { + "name": "https://drupal.org/node/2038189", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2038189" + }, + { + "name": "[oss-security] 20130717 Re: CVE request for Drupal contrib modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/17/1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4481.json b/2013/4xxx/CVE-2013-4481.json index 4ef27f28e7d..a4e98492fab 100644 --- a/2013/4xxx/CVE-2013-4481.json +++ b/2013/4xxx/CVE-2013-4481.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as \"authentication secrets.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=988998", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=988998" - }, - { - "name" : "RHSA-2013:1603", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1603.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as \"authentication 
secrets.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1603", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=988998", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4770.json b/2013/4xxx/CVE-2013-4770.json index 372ab1dd865..48d77126f97 100644 --- a/2013/4xxx/CVE-2013-4770.json +++ b/2013/4xxx/CVE-2013-4770.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4770", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4770", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4936.json b/2013/4xxx/CVE-2013-4936.json index e2c77765338..b2dba751b83 100644 --- a/2013/4xxx/CVE-2013-4936.json +++ b/2013/4xxx/CVE-2013-4936.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/plugins/profinet/packet-pn-rt.c?r1=50651&r2=50650&pathrev=50651", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/plugins/profinet/packet-pn-rt.c?r1=50651&r2=50650&pathrev=50651" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50651", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50651" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html" - }, 
- { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8904", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8904" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2013-53.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2013-53.html" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "oval:org.mitre.oval:def:16971", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16971" - }, - { - "name" : "54296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54296" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2013-53.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2013-53.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50651", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50651" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8904", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8904" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "oval:org.mitre.oval:def:16971", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16971" + }, + { + "name": "54296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54296" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/plugins/profinet/packet-pn-rt.c?r1=50651&r2=50650&pathrev=50651", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/plugins/profinet/packet-pn-rt.c?r1=50651&r2=50650&pathrev=50651" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12083.json b/2017/12xxx/CVE-2017-12083.json index 34eb07fde1a..5fe7f8dc0dc 100644 --- a/2017/12xxx/CVE-2017-12083.json +++ b/2017/12xxx/CVE-2017-12083.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-31T00:00:00", - "ID" : "CVE-2017-12083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Circle", - "version" : { - "version_data" : [ - { - "version_value" : "firmware 2.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Circle Media" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-31T00:00:00", + "ID": "CVE-2017-12083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Circle", + "version": { + "version_data": [ + { + "version_value": "firmware 2.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Circle Media" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable information disclosure vulnerability exists in the apid 
daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12189.json b/2017/12xxx/CVE-2017-12189.json index d4cb1e91510..9ff94925914 100644 --- a/2017/12xxx/CVE-2017-12189.json +++ b/2017/12xxx/CVE-2017-12189.json 
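Review bot: In the new record for CVE-2017-12083 the `problemtype` value is still `"authentication bypass"` while the `description` calls the flaw an "information disclosure vulnerability" in the apid daemon; the sync carries the mismatch over unchanged. Consumers that triage or map to CWE from `problemtype` will classify this entry differently from those that read the description. If the referenced TALOS-2017-0435 report confirms the description, the value line should read `"value": "information disclosure"`; otherwise the description is the field that needs correcting. That should be checked with the assigning CNA rather than decided here.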
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-10-09T00:00:00", - "ID" : "CVE-2017-12189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Red Hat JBoss Enterprise Application Platform", - "version" : { - "version_data" : [ - { - "version_value" : "7.0.7.GA" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-282" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-10-09T00:00:00", + "ID": "CVE-2017-12189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Red Hat JBoss Enterprise Application Platform", + "version": { + "version_data": [ + { + "version_value": "7.0.7.GA" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189" - }, - { - "name" : "RHSA-2018:0002", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0002" - }, - { - "name" : "RHSA-2018:0003", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0003" - }, - { - "name" : "RHSA-2018:0004", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0004" - }, - { - "name" : "RHSA-2018:0005", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0005" - }, - { - "name" : "102407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-282" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189" + }, + { + "name": "RHSA-2018:0002", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0002" + }, + { + "name": "RHSA-2018:0004", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0004" + }, + { + "name": "RHSA-2018:0003", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0003" + }, + { + "name": "RHSA-2018:0005", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0005" + }, + { + "name": "102407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102407" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12397.json b/2017/12xxx/CVE-2017-12397.json index d164aa7c602..ead733782b8 100644 --- a/2017/12xxx/CVE-2017-12397.json +++ b/2017/12xxx/CVE-2017-12397.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12397", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12397", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12784.json b/2017/12xxx/CVE-2017-12784.json index ad2852e5481..39232dca47c 100644 --- a/2017/12xxx/CVE-2017-12784.json +++ b/2017/12xxx/CVE-2017-12784.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view", - "refsource" : "MISC", - "url" : "https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. 
An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view", + "refsource": "MISC", + "url": "https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13000.json b/2017/13xxx/CVE-2017-13000.json index 6f98c3c7ccf..6a8526a166e 100644 --- a/2017/13xxx/CVE-2017-13000.json +++ b/2017/13xxx/CVE-2017-13000.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/8512734883227c11568bb35da1d48b9f8466f43f", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/8512734883227c11568bb35da1d48b9f8466f43f" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/9be4e0b5938b705e7e36cfcb110a740c6ff0cb97", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/9be4e0b5938b705e7e36cfcb110a740c6ff0cb97" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/a7e5f58f402e6919ec444a57946bade7dfd6b184", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/the-tcpdump-group/tcpdump/commit/a7e5f58f402e6919ec444a57946bade7dfd6b184" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/8512734883227c11568bb35da1d48b9f8466f43f", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/8512734883227c11568bb35da1d48b9f8466f43f" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/a7e5f58f402e6919ec444a57946bade7dfd6b184", + "refsource": "CONFIRM", + "url": 
"https://github.com/the-tcpdump-group/tcpdump/commit/a7e5f58f402e6919ec444a57946bade7dfd6b184" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/9be4e0b5938b705e7e36cfcb110a740c6ff0cb97", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/9be4e0b5938b705e7e36cfcb110a740c6ff0cb97" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13417.json b/2017/13xxx/CVE-2017-13417.json index 9d978379928..3a7d0be19db 100644 --- a/2017/13xxx/CVE-2017-13417.json +++ b/2017/13xxx/CVE-2017-13417.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13417", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13417", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13531.json b/2017/13xxx/CVE-2017-13531.json index be8f1af0dc1..a72051ee6a5 100644 --- a/2017/13xxx/CVE-2017-13531.json +++ b/2017/13xxx/CVE-2017-13531.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13531", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13531", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13884.json b/2017/13xxx/CVE-2017-13884.json index 08ffdcc58ea..e6ac23dfb26 100644 --- a/2017/13xxx/CVE-2017-13884.json +++ b/2017/13xxx/CVE-2017-13884.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208324", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208324" - }, - { - "name" : "https://support.apple.com/HT208325", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208325" - }, - { - "name" : "https://support.apple.com/HT208326", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208326" - }, - { - "name" : "https://support.apple.com/HT208327", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208327" - }, - { - "name" : "https://support.apple.com/HT208328", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208328" - }, - { - "name" : "https://support.apple.com/HT208334", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208334" - }, - { - "name" : "USN-3551-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3551-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208327", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208327" + }, + { + "name": "https://support.apple.com/HT208325", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208325" + }, + { + "name": "https://support.apple.com/HT208334", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208334" + }, + { + "name": "https://support.apple.com/HT208324", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208324" + }, + { + "name": "https://support.apple.com/HT208326", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208326" + }, + { + "name": "USN-3551-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3551-1/" + }, + { + "name": "https://support.apple.com/HT208328", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208328" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16469.json b/2017/16xxx/CVE-2017-16469.json index 3240208e4f8..3a2d9a8b52f 100644 --- a/2017/16xxx/CVE-2017-16469.json +++ b/2017/16xxx/CVE-2017-16469.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16469", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16469", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16645.json b/2017/16xxx/CVE-2017-16645.json index 20ba525d9cd..081aaa37171 100644 --- a/2017/16xxx/CVE-2017-16645.json +++ b/2017/16xxx/CVE-2017-16645.json 
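Review bot: The CVE-2017-16469 record is written with a different key order from the other records visible in this part of the commit: `data_type`, `data_format` and `data_version` now precede `CVE_data_meta`, and inside it `ID` precedes `ASSIGNER`, which suggests it came through a different serializer path. JSON key order carries no meaning, but tooling that hashes or text-diffs records to detect tampering or real content changes will flag it even though the REJECT text is unchanged. Serializing with sorted keys, as the neighbouring records appear to be, would keep `"ASSIGNER": "cve@mitre.org",` ahead of `"ID": "CVE-2017-16469",` and make this hunk whitespace-only.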
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a" - }, - { - "name" : "https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ", - "refsource" : "MISC", - "url" : "https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ" - }, - { - "name" : "USN-3617-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3617-1/" - }, - { - "name" : "USN-3617-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3617-2/" - }, - { - "name" : "USN-3617-3", - 
"refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3617-3/" - }, - { - "name" : "USN-3619-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-1/" - }, - { - "name" : "USN-3619-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-2/" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "101768", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3617-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3617-1/" + }, + { + "name": "USN-3619-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-2/" + }, + { + "name": "USN-3617-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3617-3/" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a" + }, + { + "name": "101768", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101768" + }, + { + "name": "https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ", + "refsource": "MISC", + "url": 
"https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ" + }, + { + "name": "USN-3617-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3617-2/" + }, + { + "name": "USN-3619-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16744.json b/2017/16xxx/CVE-2017-16744.json index ec7aa68bf40..85a1adbb5ab 100644 --- a/2017/16xxx/CVE-2017-16744.json +++ b/2017/16xxx/CVE-2017-16744.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-16T00:00:00", - "ID" : "CVE-2017-16744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Niagara AX Framework and Niagara 4 Framework", - "version" : { - "version_data" : [ - { - "version_value" : "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-16T00:00:00", + "ID": "CVE-2017-16744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Niagara AX Framework and Niagara 4 Framework", + "version": { + "version_data": [ + { + "version_value": "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03" - }, - { - "name" : "105101", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/105101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105101" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16866.json b/2017/16xxx/CVE-2017-16866.json index 4b3d2674048..f172e3934b1 100644 --- a/2017/16xxx/CVE-2017-16866.json +++ b/2017/16xxx/CVE-2017-16866.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitee.com/dayrui/finecms/commit/09d4f3c1a1b8598ce8967e158b16b9fe44936c50", - "refsource" : "CONFIRM", - "url" : "https://gitee.com/dayrui/finecms/commit/09d4f3c1a1b8598ce8967e158b16b9fe44936c50" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitee.com/dayrui/finecms/commit/09d4f3c1a1b8598ce8967e158b16b9fe44936c50", + "refsource": "CONFIRM", + "url": "https://gitee.com/dayrui/finecms/commit/09d4f3c1a1b8598ce8967e158b16b9fe44936c50" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16980.json b/2017/16xxx/CVE-2017-16980.json index 8eb911f63ff..c39fbb9df2f 100644 --- a/2017/16xxx/CVE-2017-16980.json +++ b/2017/16xxx/CVE-2017-16980.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16980", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16980", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17159.json b/2017/17xxx/CVE-2017-17159.json index 590b8c93587..0f0c54b8f87 100644 --- a/2017/17xxx/CVE-2017-17159.json +++ b/2017/17xxx/CVE-2017-17159.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MT8-EMUI4.1,NTS-AL00", - "version" : { - "version_data" : [ - { - "version_value" : "NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01,NTS-AL00C00B535" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MT8-EMUI4.1,NTS-AL00", + "version": { + "version_data": [ + { + "version_value": "NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01,NTS-AL00C00B535" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17427.json b/2017/17xxx/CVE-2017-17427.json index 960c8217399..2d5e91912b9 100644 --- a/2017/17xxx/CVE-2017-17427.json +++ b/2017/17xxx/CVE-2017-17427.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://robotattack.org/", - "refsource" : "MISC", - "url" : "https://robotattack.org/" - }, - { - "name" : "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability", - "refsource" : "CONFIRM", - "url" : "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability" - }, - { - "name" : "VU#144389", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/144389" - }, - { - "name" : "102199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102199" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://robotattack.org/", + "refsource": "MISC", + "url": "https://robotattack.org/" + }, + { + "name": "102199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102199" + }, + { + "name": "VU#144389", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/144389" + }, + { + "name": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability", + "refsource": "CONFIRM", + "url": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17602.json b/2017/17xxx/CVE-2017-17602.json index 220b6053c51..010cd4ba466 100644 --- a/2017/17xxx/CVE-2017-17602.json +++ b/2017/17xxx/CVE-2017-17602.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43263", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43263/" - }, - { - "name" : "https://packetstormsecurity.com/files/145299/Advance-B2B-Script-2.1.3-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145299/Advance-B2B-Script-2.1.3-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145299/Advance-B2B-Script-2.1.3-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145299/Advance-B2B-Script-2.1.3-SQL-Injection.html" + }, + { + "name": "43263", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43263/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18005.json b/2018/18xxx/CVE-2018-18005.json index 7d0858f23f2..d57831743c6 100644 --- a/2018/18xxx/CVE-2018-18005.json +++ b/2018/18xxx/CVE-2018-18005.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244" - }, - { - "name" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf", - "refsource" : "CONFIRM", - "url" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting in event_script.js in VIVOTEK Network 
Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244" + }, + { + "name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf", + "refsource": "CONFIRM", + "url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18119.json b/2018/18xxx/CVE-2018-18119.json index b33c278c22f..ac931e0da26 100644 --- a/2018/18xxx/CVE-2018-18119.json +++ b/2018/18xxx/CVE-2018-18119.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18344.json b/2018/18xxx/CVE-2018-18344.json index d289e8741b0..e5ad98fcf8c 100644 --- a/2018/18xxx/CVE-2018-18344.json +++ b/2018/18xxx/CVE-2018-18344.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-18344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-18344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/866426", - "refsource" : "MISC", - "url" : "https://crbug.com/866426" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4352", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4352" - }, - { - "name" : "RHSA-2018:3803", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3803" - }, - { - "name" : "106084", - "refsource" : "BID", - "url" 
: "http://www.securityfocus.com/bid/106084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/866426", + "refsource": "MISC", + "url": "https://crbug.com/866426" + }, + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + }, + { + "name": "RHSA-2018:3803", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3803" + }, + { + "name": "DSA-4352", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4352" + }, + { + "name": "106084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106084" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18701.json b/2018/18xxx/CVE-2018-18701.json index 43d6d21bb61..fc22ea3f1c5 100644 --- a/2018/18xxx/CVE-2018-18701.json +++ b/2018/18xxx/CVE-2018-18701.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675", - "refsource" : "MISC", - "url" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675", + "refsource": "MISC", + "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19296.json b/2018/19xxx/CVE-2018-19296.json index aaa7dc04ad0..aac6b070960 100644 --- a/2018/19xxx/CVE-2018-19296.json +++ b/2018/19xxx/CVE-2018-19296.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181228 [SECURITY] [DLA 1591-2] libphp-phpmailer regression update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html" - }, - { - "name" : "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27", - "refsource" : "MISC", - "url" : "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27" - }, - { - "name" : "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6", - "refsource" : "MISC", - "url" : "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6" - }, - { - "name" : "DSA-4351", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27", + "refsource": "MISC", + "url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27" + }, + { + "name": "[debian-lts-announce] 20181228 [SECURITY] [DLA 1591-2] libphp-phpmailer regression update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html" + }, + { + "name": "DSA-4351", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4351" + }, + { + "name": "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6", + "refsource": "MISC", + "url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1061.json b/2018/1xxx/CVE-2018-1061.json index 1a98713ee53..0581ec744e2 100644 --- a/2018/1xxx/CVE-2018-1061.json +++ b/2018/1xxx/CVE-2018-1061.json 
@@ -1,141 +1,141 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-1061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "python", - "version" : { - "version_data" : [ - { - "version_value" : "python 2.7.15" - }, - { - "version_value" : "python 3.4.9" - }, - { - "version_value" : "python 3.5.6" - }, - { - "version_value" : "python 3.7.0" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-1061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "python", + "version": { + "version_data": [ + { + "version_value": "python 2.7.15" + }, + { + "version_value": "python 3.4.9" + }, + { + "version_value": "python 3.5.6" + }, + { + "version_value": "python 3.7.0" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" - }, - { - "name" : "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] 
python3.4 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html" - }, - { - "name" : "https://bugs.python.org/issue32981", - "refsource" : "CONFIRM", - "url" : "https://bugs.python.org/issue32981" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061" - }, - { - "name" : "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "refsource" : "CONFIRM", - "url" : "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1" - }, - { - "name" : "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "refsource" : "CONFIRM", - "url" : "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1" - }, - { - "name" : "DSA-4306", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4306" - }, - { - "name" : "DSA-4307", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4307" - }, - { - "name" : "RHSA-2018:3041", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3041" - }, - { - "name" : "RHSA-2018:3505", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3505" - }, - { - "name" : "USN-3817-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3817-1/" - }, - { - "name" : "USN-3817-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3817-2/" - }, - { - "name" : "1042001", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the 
difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4306", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4306" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061" + }, + { + "name": "1042001", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042001" + }, + { + "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html" + }, + { + "name": "https://bugs.python.org/issue32981", + "refsource": "CONFIRM", + "url": "https://bugs.python.org/issue32981" + }, + { + "name": "USN-3817-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3817-2/" + }, + { + "name": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "refsource": "CONFIRM", + "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1" + }, + { + "name": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "refsource": "CONFIRM", + "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1" + }, + { + "name": "RHSA-2018:3505", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3505" + }, + { + "name": "RHSA-2018:3041", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3041" + }, + { + "name": "DSA-4307", + "refsource": "DEBIAN", + 
"url": "https://www.debian.org/security/2018/dsa-4307" + }, + { + "name": "USN-3817-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3817-1/" + }, + { + "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1106.json b/2018/1xxx/CVE-2018-1106.json index 020f750d6b6..980774b3079 100644 --- a/2018/1xxx/CVE-2018-1106.json +++ b/2018/1xxx/CVE-2018-1106.json 
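Review bot: The `version_data` entries for CVE-2018-1061 list the fixed releases (`python 2.7.15`, `python 3.4.9`, `python 3.5.6`, `python 3.7.0`) as bare `version_value` strings, while the description says the flaw affects versions before those releases; the 3.6 branch named in the description has no entry at all. The reformat carries this over unchanged, so a consumer matching on `version_value` would likely flag the patched releases and miss unpatched 3.6.x installs. Writing each entry as a range, in the style the CVE-2018-1106 record on this page already uses (`"version_value": "before 2.7.15"`), and adding one for 3.6 would bring the record in line with its own description. Separately, the `vectorString` under `impact.cvss` has the score prepended (`6.5/CVSS:3.0/AV:N/...`), which a strict CVSS 3.0 vector parser would reject. It would parse cleanly as `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"` with the score kept in its own key.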
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2018-04-23T00:00:00", - "ID" : "CVE-2018-1106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PackageKit", - "version" : { - "version_data" : [ - { - "version_value" : "before 1.1.10" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2018-04-23T00:00:00", + "ID": "CVE-2018-1106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PackageKit", + "version": { + "version_data": [ + { + "version_value": "before 1.1.10" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/04/23/3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1565992", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1565992" - }, - { - "name" : "DSA-4207", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4207" - }, - { - "name" : "RHSA-2018:1224", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1224" - }, - { - "name" : "USN-3634-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3634-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3634-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3634-1/" + }, + { + "name": "DSA-4207", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4207" + }, + { + "name": "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/04/23/3" + }, + { + "name": "RHSA-2018:1224", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1224" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1531.json b/2018/1xxx/CVE-2018-1531.json index 6a9449bbdcb..c0400bc6bfd 100644 --- a/2018/1xxx/CVE-2018-1531.json +++ b/2018/1xxx/CVE-2018-1531.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1531", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1531", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1620.json b/2018/1xxx/CVE-2018-1620.json index 08681a14b97..b49b3952c7b 100644 --- a/2018/1xxx/CVE-2018-1620.json +++ b/2018/1xxx/CVE-2018-1620.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1620", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1620", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5570.json b/2018/5xxx/CVE-2018-5570.json index 7274656666c..340072842dd 100644 --- a/2018/5xxx/CVE-2018-5570.json +++ b/2018/5xxx/CVE-2018-5570.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5570", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5570", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5827.json b/2018/5xxx/CVE-2018-5827.json index 95888508ceb..6e94073991d 100644 --- a/2018/5xxx/CVE-2018-5827.json +++ b/2018/5xxx/CVE-2018-5827.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2018-5827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2018-5827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=53e6d889ac29336ba212a0d4a987455a85736fa8", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=53e6d889ac29336ba212a0d4a987455a85736fa8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=53e6d889ac29336ba212a0d4a987455a85736fa8", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=53e6d889ac29336ba212a0d4a987455a85736fa8" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file