From 9081ef56eeeb06978c5ce901ca20d6b38b82d4d8 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 17 Mar 2019 23:04:26 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2001/0xxx/CVE-2001-0142.json | 170 ++++++++--------
 2001/0xxx/CVE-2001-0169.json | 200 +++++++++----------
 2001/0xxx/CVE-2001-0413.json | 160 ++++++++--------
 2001/0xxx/CVE-2001-0785.json | 130 ++++++-------
 2001/1xxx/CVE-2001-1295.json | 140 +++++++-------
 2001/1xxx/CVE-2001-1452.json | 150 +++++++--------
 2006/2xxx/CVE-2006-2087.json | 180 ++++++++---------
 2006/2xxx/CVE-2006-2131.json | 150 +++++++--------
 2006/2xxx/CVE-2006-2928.json | 180 ++++++++---------
 2008/5xxx/CVE-2008-5380.json | 150 +++++++--------
 2008/5xxx/CVE-2008-5731.json | 200 +++++++++----------
 2008/5xxx/CVE-2008-5762.json | 150 +++++++--------
 2011/2xxx/CVE-2011-2056.json | 34 ++--
 2011/2xxx/CVE-2011-2162.json | 170 ++++++++--------
 2011/2xxx/CVE-2011-2196.json | 210 ++++++++++----------
 2011/2xxx/CVE-2011-2443.json | 150 +++++++--------
 2011/2xxx/CVE-2011-2887.json | 180 ++++++++---------
 2011/3xxx/CVE-2011-3009.json | 170 ++++++++--------
 2011/3xxx/CVE-2011-3343.json | 200 +++++++++----------
 2011/3xxx/CVE-2011-3411.json | 160 ++++++++--------
 2011/4xxx/CVE-2011-4297.json | 140 +++++++-------
 2013/0xxx/CVE-2013-0113.json | 120 ++++++------
 2013/0xxx/CVE-2013-0334.json | 190 +++++++++---------
 2013/0xxx/CVE-2013-0497.json | 34 ++--
 2013/1xxx/CVE-2013-1532.json | 160 ++++++++--------
 2013/4xxx/CVE-2013-4176.json | 34 ++--
 2013/4xxx/CVE-2013-4585.json | 34 ++--
 2013/5xxx/CVE-2013-5210.json | 130 ++++++-------
 2013/5xxx/CVE-2013-5221.json | 130 ++++++-------
 2013/5xxx/CVE-2013-5223.json | 290 ++++++++++++++--------------
 2013/5xxx/CVE-2013-5687.json | 34 ++--
 2013/5xxx/CVE-2013-5793.json | 150 +++++++--------
 2014/2xxx/CVE-2014-2696.json | 34 ++--
 2017/0xxx/CVE-2017-0040.json | 150 +++++++--------
 2017/0xxx/CVE-2017-0489.json | 176 ++++++++---------
 2017/1000xxx/CVE-2017-1000421.json | 144 +++++++-------
 2017/1000xxx/CVE-2017-1000453.json | 124 ++++++------
 2017/12xxx/CVE-2017-12096.json | 122 ++++++------
 2017/12xxx/CVE-2017-12168.json | 150 +++++++--------
 2017/12xxx/CVE-2017-12551.json | 140 +++++++-------
 2017/12xxx/CVE-2017-12578.json | 34 ++--
 2017/12xxx/CVE-2017-12676.json | 130 ++++++-------
 2017/16xxx/CVE-2017-16357.json | 130 ++++++-------
 2017/16xxx/CVE-2017-16509.json | 34 ++--
 2017/16xxx/CVE-2017-16777.json | 130 ++++++-------
 2017/16xxx/CVE-2017-16928.json | 140 +++++++-------
 2017/4xxx/CVE-2017-4028.json | 298 ++++++++++++++---------------
 2017/4xxx/CVE-2017-4167.json | 34 ++--
 2017/4xxx/CVE-2017-4305.json | 34 ++--
 2017/4xxx/CVE-2017-4694.json | 34 ++--
 2018/18xxx/CVE-2018-18054.json | 34 ++--
 2018/18xxx/CVE-2018-18101.json | 34 ++--
 2018/18xxx/CVE-2018-18337.json | 162 ++++++++--------
 2018/5xxx/CVE-2018-5573.json | 34 ++--
 2018/5xxx/CVE-2018-5639.json | 34 ++--
 2018/5xxx/CVE-2018-5686.json | 140 +++++++-------
 2018/5xxx/CVE-2018-5824.json | 122 ++++++------
 2018/5xxx/CVE-2018-5970.json | 120 ++++++------
 58 files changed, 3699 insertions(+), 3699 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0142.json b/2001/0xxx/CVE-2001-0142.json
index 82c61f3c3a0..8599e6dc661 100644
--- a/2001/0xxx/CVE-2001-0142.json
+++ b/2001/0xxx/CVE-2001-0142.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010112 Trustix Security Advisory - diffutils squid", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html" - }, - { - "name" : "20010110 Immunix OS Security update for lots of temp file problems", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97916374410647&w=2" - }, - { - "name" : "MDKSA-2001:003", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3" - }, - { - "name" : "DSA-019", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-019" - }, - { - "name" : "squid-email-symlink(5921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5921" - }, - { - "name" : "2184", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/2184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010110 Immunix OS Security update for lots of temp file problems", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97916374410647&w=2" + }, + { + "name": "2184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2184" + }, + { + "name": "DSA-019", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-019" + }, + { + "name": "squid-email-symlink(5921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5921" + }, + { + "name": "MDKSA-2001:003", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3" + }, + { + "name": "20010112 Trustix Security Advisory - diffutils squid", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0169.json b/2001/0xxx/CVE-2001-0169.json index 8ac3693c9fc..d4ea03f4fd4 100644 --- a/2001/0xxx/CVE-2001-0169.json +++ b/2001/0xxx/CVE-2001-0169.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2001:012", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2" - }, - { - "name" : "SuSE-SA:2001:01", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2001_001_glibc_txt.html" - }, - { - "name" : "CSSA-2001-007", - "refsource" : "CALDERA", - "url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt" - }, - { - "name" : "RHSA-2001:002", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-002.html" - }, - { - "name" : "DSA-039", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2001/dsa-039" - }, - { - "name" : "TLSA2000021-2", - "refsource" : "TURBO", - "url" : "http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html" - }, - { - "name" : "20010121 Trustix Security Advisory - glibc", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/157650" - }, - { - "name" : "2223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2223" - }, - { - "name" : "linux-glibc-preload-overwrite(5971)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SuSE-SA:2001:01", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2001_001_glibc_txt.html" + }, + { + "name": "DSA-039", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-039" + }, + { + "name": "linux-glibc-preload-overwrite(5971)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5971" + }, + { + "name": "2223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2223" + }, + { + "name": "20010121 Trustix Security Advisory - glibc", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/157650" + }, + { + "name": "MDKSA-2001:012", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2" + }, + { + "name": "RHSA-2001:002", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-002.html" + }, + { + "name": "TLSA2000021-2", + "refsource": "TURBO", + "url": "http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html" + }, + { + "name": "CSSA-2001-007", + "refsource": "CALDERA", + "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0413.json b/2001/0xxx/CVE-2001-0413.json index cae7bf53f9d..7e8c14b026b 100644 --- a/2001/0xxx/CVE-2001-0413.json +++ b/2001/0xxx/CVE-2001-0413.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010404 BinTec X4000 Access Router DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98644414226344&w=2" - }, - { - "name" : "20010406 X4000 DoS: Details and workaround", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98659862317070&w=2" - }, - { - "name" : "20010410 BinTec Router DoS: Workaround and Details", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html" - }, - { - "name" : "20010409 BINTEC X1200", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98697054804197&w=2" - }, - { - "name" : "bintec-x4000-nmap-dos(6323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6323" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010409 BINTEC X1200", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98697054804197&w=2" + }, + { + "name": "20010404 BinTec X4000 Access Router DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98644414226344&w=2" + }, + { + "name": "bintec-x4000-nmap-dos(6323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6323" + }, + { + "name": "20010410 BinTec Router DoS: Workaround and Details", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html" + }, + { + "name": "20010406 X4000 DoS: Details and workaround", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98659862317070&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0785.json b/2001/0xxx/CVE-2001-0785.json index 06d3a316aa2..e345c6ca214 100644 --- a/2001/0xxx/CVE-2001-0785.json +++ b/2001/0xxx/CVE-2001-0785.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows allows remote attackers to read arbitrary files via a .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010618 Multiple Vulnerabilities In AMLServer", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html" - }, - { - "name" : "2883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows allows remote attackers to read arbitrary files via a .. (dot dot) attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2883" + }, + { + "name": "20010618 Multiple Vulnerabilities In AMLServer", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1295.json b/2001/1xxx/CVE-2001-1295.json index d730ab0fa34..62525fd94ef 100644 --- a/2001/1xxx/CVE-2001-1295.json +++ b/2001/1xxx/CVE-2001-1295.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes", - "refsource" : "CONFIRM", - "url" : "http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/5SP0M0055W.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5SP0M0055W.html" - }, - { - "name" : "cerberus-ftp-directory-traversal(7004)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7004.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote 
attackers to read arbitrary files via a .. (dot dot) in the CD command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes", + "refsource": "CONFIRM", + "url": "http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes" + }, + { + "name": "cerberus-ftp-directory-traversal(7004)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7004.php" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5SP0M0055W.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5SP0M0055W.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1452.json b/2001/1xxx/CVE-2001-1452.json index a26ad922e3d..df48a61d836 100644 --- a/2001/1xxx/CVE-2001-1452.json +++ b/2001/1xxx/CVE-2001-1452.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "Q241352", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=KB;en-us;q241352" - }, - { - "name" : "VU#109475", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/109475" - }, - { - "name" : "6791", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6791" - }, - { - "name" : "nt-ms-dns-cachepollution(3675)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue 
records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nt-ms-dns-cachepollution(3675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3675" + }, + { + "name": "6791", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6791" + }, + { + "name": "VU#109475", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/109475" + }, + { + "name": "Q241352", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=KB;en-us;q241352" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2087.json b/2006/2xxx/CVE-2006-2087.json index 50c92623833..8b103ddb3db 100644 --- a/2006/2xxx/CVE-2006-2087.json +++ b/2006/2xxx/CVE-2006-2087.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/01-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/01-e.html" - }, - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/index-e.html" - }, - { - "name" : "JVN#89344424", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2389344424/index.html" - }, - { - "name" : "ADV-2006-1539", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1539" - }, - { - "name" : "24969", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24969" - }, - 
{ - "name" : "19840", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19840" - }, - { - "name" : "hitachi-groupmax-client-dos(26099)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hitachi-groupmax-client-dos(26099)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26099" + }, + { + "name": "JVN#89344424", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2389344424/index.html" + }, + { + "name": "19840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19840" + }, + { + "name": "24969", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24969" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/01-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/01-e.html" + }, + { + "name": "ADV-2006-1539", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1539" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/index-e.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2131.json b/2006/2xxx/CVE-2006-2131.json index dd21a08f321..9c0f1f6a104 100644 --- a/2006/2xxx/CVE-2006-2131.json +++ b/2006/2xxx/CVE-2006-2131.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://evuln.com/vulns/131/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/131/summary.html" - }, - { - "name" : "ADV-2006-1603", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1603" - }, - { - "name" : "19899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19899" - }, - { - "name" : "advancedpoll-header-spoofing(26154)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://evuln.com/vulns/131/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/131/summary.html" + }, + { + "name": "19899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19899" + }, + { + "name": "advancedpoll-header-spoofing(26154)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26154" + }, + { + "name": "ADV-2006-1603", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1603" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2928.json b/2006/2xxx/CVE-2006-2928.json index d6eaae51982..e8393d41793 100644 --- a/2006/2xxx/CVE-2006-2928.json +++ b/2006/2xxx/CVE-2006-2928.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060608 cms-bandits 2.5, Remote command execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436430/100/0/threaded" - }, - { - "name" : "ADV-2006-2211", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2211" - }, - { - "name" : "26241", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26241" - }, - { - "name" : "26242", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26242" - }, - { - "name" : "20507", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20507" - }, - { - "name" : "1068", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/1068" - }, - { - "name" : "cmsbandits-spawroot-file-include(27001)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2211", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2211" + }, + { + "name": "20060608 cms-bandits 2.5, Remote command execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436430/100/0/threaded" + }, + { + "name": "26241", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26241" + }, + { + "name": "26242", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26242" + }, + { + "name": "cmsbandits-spawroot-file-include(27001)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27001" + }, + { + "name": "1068", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1068" + }, + { + "name": "20507", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20507" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5380.json b/2008/5xxx/CVE-2008-5380.json index 8e59a261933..affbbbcf9c8 100644 --- a/2008/5xxx/CVE-2008-5380.json +++ b/2008/5xxx/CVE-2008-5380.json 
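Review bot: The new side of CVE-2006-2928.json ends with `\ No newline at end of file`, so the rewritten file loses its final newline; every other file section in this part of the patch does the same. Tools that concatenate or line-count these records will see the last `}` as an unterminated line, and later diffs will show it as changed. The serializer should write a trailing `\n` after the closing brace.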
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-devel/2008/08/msg00285.html" - }, - { - "name" : "FEDORA-2009-1366", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00187.html" - }, - { - "name" : "33825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33825" - }, - { - "name" : "31694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31694" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-1366", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00187.html" + }, + { + "name": "31694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31694" + }, + { + "name": "33825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33825" + }, + { + "name": "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-devel/2008/08/msg00285.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5731.json b/2008/5xxx/CVE-2008-5731.json index eb82a27b471..bd7d4dbfff1 100644 --- a/2008/5xxx/CVE-2008-5731.json +++ b/2008/5xxx/CVE-2008-5731.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a \"Driver Collapse.\" NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081223 PGP Desktop 9.0.6 Denial Of Service - ZeroDay", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499572/100/0/threaded" - }, - { - "name" : "7556", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7556" - }, - { - "name" : "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php", - "refsource" : "MISC", - "url" : "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php" - }, - { - "name" : 
"http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php", - "refsource" : "MISC", - "url" : "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php" - }, - { - "name" : "32991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32991" - }, - { - "name" : "50914", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50914" - }, - { - "name" : "1021493", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021493" - }, - { - "name" : "33310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33310" - }, - { - "name" : "4811", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a \"Driver Collapse.\" NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021493", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021493" + }, + { + "name": "20081223 PGP Desktop 9.0.6 Denial Of Service - ZeroDay", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499572/100/0/threaded" + }, + { + "name": "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php", + "refsource": "MISC", + "url": "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php" + }, + { + "name": "33310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33310" + }, + { + "name": "7556", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7556" + }, + { + "name": "32991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32991" + }, + { + "name": "4811", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4811" + }, + { + "name": "50914", + "refsource": "OSVDB", + "url": "http://osvdb.org/50914" + }, + { + "name": "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php", + "refsource": "MISC", + "url": "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5762.json b/2008/5xxx/CVE-2008-5762.json index cf3a0df2902..69392cfc135 100644 --- a/2008/5xxx/CVE-2008-5762.json +++ b/2008/5xxx/CVE-2008-5762.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7444", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7444" - }, - { - "name" : "50712", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50712" - }, - { - "name" : "33110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33110" - }, - { - "name" : "4847", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with 
insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7444", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7444" + }, + { + "name": "50712", + "refsource": "OSVDB", + "url": "http://osvdb.org/50712" + }, + { + "name": "33110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33110" + }, + { + "name": "4847", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4847" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2056.json b/2011/2xxx/CVE-2011-2056.json index c2a214c62a4..042a52916c0 100644 --- a/2011/2xxx/CVE-2011-2056.json +++ b/2011/2xxx/CVE-2011-2056.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2162.json b/2011/2xxx/CVE-2011-2162.json index ee919d9f258..8b49bcc48ef 100644 --- a/2011/2xxx/CVE-2011-2162.json +++ b/2011/2xxx/CVE-2011-2162.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues \"originally discovered by Google Chrome developers.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDVSA-2011:059", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:059" - }, - { - "name" : "MDVSA-2011:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" - }, - { - "name" : "MDVSA-2011:061", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" - }, - { - "name" : "MDVSA-2011:062", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062" - }, - { - "name" : 
"MDVSA-2011:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" - }, - { - "name" : "MDVSA-2011:089", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues \"originally discovered by Google Chrome developers.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" + }, + { + "name": "MDVSA-2011:061", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" + }, + { + "name": "MDVSA-2011:062", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062" + }, + { + "name": "MDVSA-2011:089", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089" + }, + { + "name": "MDVSA-2011:059", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:059" + }, + { + "name": "MDVSA-2011:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2196.json b/2011/2xxx/CVE-2011-2196.json index bf7f9772149..62e0f0b4d82 100644 --- a/2011/2xxx/CVE-2011-2196.json 
+++ b/2011/2xxx/CVE-2011-2196.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=712283", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=712283" - }, - { - "name" : "RHSA-2011:0945", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0945.html" - }, - { - "name" : "RHSA-2011:0946", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0946.html" - }, - { - "name" : "RHSA-2011:0947", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0947.html" - }, - { - "name" : "RHSA-2011:0948", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0948.html" - }, - { - "name" : "RHSA-2011:0949", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0949.html" - }, - { - "name" : "RHSA-2011:0950", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0950.html" - }, - { - "name" : "RHSA-2011:0951", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0951.html" - }, - { - "name" : "RHSA-2011:0952", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0952.html" - }, - { - "name" : "48716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48716" + }, + { + "name": "RHSA-2011:0946", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0946.html" + }, + { + "name": "RHSA-2011:0948", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0948.html" + }, + { + "name": "RHSA-2011:0949", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0949.html" + }, + { + "name": "RHSA-2011:0951", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0951.html" + }, + { + "name": "RHSA-2011:0945", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0945.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=712283", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712283" + }, + { + "name": "RHSA-2011:0950", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0950.html" + }, + { + "name": "RHSA-2011:0947", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0947.html" + }, + { + "name": "RHSA-2011:0952", + "refsource": 
"REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0952.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2443.json b/2011/2xxx/CVE-2011-2443.json index fad50549b8e..2d3a32eebd5 100644 --- a/2011/2xxx/CVE-2011-2443.json +++ b/2011/2xxx/CVE-2011-2443.json 
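Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and the only sign of it is one line inside a whole-file whitespace rewrite; the CVE-2011-2443 hunk does the same with `psirt@adobe.com`. The commit subject says only that data was synchronized, so a reader cannot tell which records changed in substance and which were merely re-indented. The formatting normalization and the field updates would be easier to audit as separate commits, or with the changed fields listed in the message. Consumers that attribute or route records by `ASSIGNER` should compare parsed JSON rather than text when reviewing this commit.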
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related issue to CVE-2010-1296." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17918", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17918/" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php" - }, - { - "name" : "http://www.adobe.com/support/security/advisories/apsa11-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/advisories/apsa11-03.html" - }, - { - "name" : "8410", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related issue to CVE-2010-1296." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php" + }, + { + "name": "8410", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8410" + }, + { + "name": "http://www.adobe.com/support/security/advisories/apsa11-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/advisories/apsa11-03.html" + }, + { + "name": "17918", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17918/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2887.json b/2011/2xxx/CVE-2011-2887.json index 0ef08becac7..9057b602340 100644 --- a/2011/2xxx/CVE-2011-2887.json +++ b/2011/2xxx/CVE-2011-2887.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements" - }, - { - "name" : "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21505448", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21505448" - }, - { - "name" : 
"https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm", - "refsource" : "CONFIRM", - "url" : "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm" - }, - { - "name" : "48936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48936" - }, - { - "name" : "74163", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74163" - }, - { - "name" : "lotus-symphony-document-dos(68889)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-symphony-document-dos(68889)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68889" + }, + { + "name": "48936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48936" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21505448", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21505448" + }, + { + "name": "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements" + }, + { + "name": 
"https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm", + "refsource": "CONFIRM", + "url": "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm" + }, + { + "name": "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm" + }, + { + "name": "74163", + "refsource": "OSVDB", + "url": "http://osvdb.org/74163" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3009.json b/2011/3xxx/CVE-2011-3009.json index af2d882e527..408f9ee7f36 100644 --- a/2011/3xxx/CVE-2011-3009.json +++ b/2011/3xxx/CVE-2011-3009.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/20/1" - }, - { - "name" : "http://redmine.ruby-lang.org/issues/show/4338", - "refsource" : "MISC", - "url" : "http://redmine.ruby-lang.org/issues/show/4338" - }, - { - "name" : "RHSA-2011:1581", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1581.html" - }, - { - "name" : "RHSA-2012:0070", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0070.html" - }, - { - "name" : "49126", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/49126" - }, - { - "name" : "ruby-random-number-weak-security(69157)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49126" + }, + { + "name": "RHSA-2011:1581", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1581.html" + }, + { + "name": "ruby-random-number-weak-security(69157)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69157" + }, + { + "name": "RHSA-2012:0070", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0070.html" + }, + { + "name": "http://redmine.ruby-lang.org/issues/show/4338", + "refsource": "MISC", + "url": "http://redmine.ruby-lang.org/issues/show/4338" + }, + { + "name": "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/20/1" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3343.json b/2011/3xxx/CVE-2011-3343.json index 8252f15e0b4..3024b74df07 100644 --- a/2011/3xxx/CVE-2011-3343.json +++ b/2011/3xxx/CVE-2011-3343.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110902 CVE request for OpenTTD", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/09/02/4" - }, - { - "name" : "[oss-security] 20110906 Re: CVE request for OpenTTD", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/09/06/2" - }, - { - "name" : "http://bugs.openttd.org/task/4746", - "refsource" : "CONFIRM", - "url" : "http://bugs.openttd.org/task/4746" - }, - { - "name" : "http://bugs.openttd.org/task/4747", - "refsource" : "CONFIRM", - "url" : "http://bugs.openttd.org/task/4747" - }, - { - "name" : "http://security.openttd.org/en/CVE-2011-3343", - "refsource" : "CONFIRM", - "url" : 
"http://security.openttd.org/en/CVE-2011-3343" - }, - { - "name" : "DSA-2386", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2386" - }, - { - "name" : "FEDORA-2011-12975", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066128.html" - }, - { - "name" : "49439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49439" - }, - { - "name" : "46075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.openttd.org/en/CVE-2011-3343", + "refsource": "CONFIRM", + "url": "http://security.openttd.org/en/CVE-2011-3343" + }, + { + "name": "FEDORA-2011-12975", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066128.html" + }, + { + "name": "46075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46075" + }, + { + "name": "DSA-2386", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2386" + }, + { + "name": "http://bugs.openttd.org/task/4746", + "refsource": "CONFIRM", + "url": "http://bugs.openttd.org/task/4746" + }, + { + "name": "[oss-security] 20110902 CVE request for OpenTTD", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/09/02/4" + }, + { + "name": "http://bugs.openttd.org/task/4747", + "refsource": "CONFIRM", + 
"url": "http://bugs.openttd.org/task/4747" + }, + { + "name": "49439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49439" + }, + { + "name": "[oss-security] 20110906 Re: CVE request for OpenTTD", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/09/06/2" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3411.json b/2011/3xxx/CVE-2011-3411.json index ace7b0a8c59..5975527fca2 100644 --- a/2011/3xxx/CVE-2011-3411.json +++ b/2011/3xxx/CVE-2011-3411.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka \"Publisher Invalid Pointer Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-3411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-091", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-091" - }, - { - "name" : "TA11-347A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" - }, - { - "name" : "VU#361441", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/361441" - }, - { - "name" : "oval:org.mitre.oval:def:14346", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14346" - }, - { - "name" : "1026414", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026414" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka \"Publisher Invalid Pointer Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14346", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14346" + }, + { + "name": "TA11-347A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" + }, + { + "name": "VU#361441", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/361441" + }, + { + "name": "1026414", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026414" + }, + { + "name": "MS11-091", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-091" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4297.json b/2011/4xxx/CVE-2011-4297.json index 3e20ba316ca..6cea3a45aef 100644 --- a/2011/4xxx/CVE-2011-4297.json +++ b/2011/4xxx/CVE-2011-4297.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/11/14/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=182740", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=182740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/11/14/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=182740", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=182740" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0113.json b/2013/0xxx/CVE-2013-0113.json index 2baa8b05f3b..c02fddf2a05 100644 --- a/2013/0xxx/CVE-2013-0113.json +++ b/2013/0xxx/CVE-2013-0113.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-0113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#248449", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/248449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#248449", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/248449" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0334.json b/2013/0xxx/CVE-2013-0334.json index d8af7ca8711..48f5d79d19b 100644 --- a/2013/0xxx/CVE-2013-0334.json +++ b/2013/0xxx/CVE-2013-0334.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html", - "refsource" : "CONFIRM", - "url" : "http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "FEDORA-2014-11630", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140654.html" - }, - { - "name" : "FEDORA-2014-11649", - "refsource" : 
"FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140609.html" - }, - { - "name" : "FEDORA-2014-11677", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140655.html" - }, - { - "name" : "GLSA-201609-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201609-02" - }, - { - "name" : "openSUSE-SU-2015:0628", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00092.html" - }, - { - "name" : "70099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201609-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201609-02" + }, + { + "name": "FEDORA-2014-11649", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140609.html" + }, + { + "name": "FEDORA-2014-11630", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140654.html" + }, + { + "name": "http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html", + "refsource": "CONFIRM", + "url": "http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "FEDORA-2014-11677", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140655.html" + }, + { + "name": "openSUSE-SU-2015:0628", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00092.html" + }, + { + "name": "70099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70099" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0497.json b/2013/0xxx/CVE-2013-0497.json index 771098cc111..1ca27bee041 100644 --- a/2013/0xxx/CVE-2013-0497.json +++ b/2013/0xxx/CVE-2013-0497.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0497", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0497", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1532.json b/2013/1xxx/CVE-2013-1532.json index 253dd7b4acf..cbf95c6d078 100644 
--- a/2013/1xxx/CVE-2013-1532.json +++ b/2013/1xxx/CVE-2013-1532.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "RHSA-2013:0772", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0772.html" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "RHSA-2013:0772", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0772.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4176.json b/2013/4xxx/CVE-2013-4176.json index a1aac9c5bce..edfa8431b35 100644 --- a/2013/4xxx/CVE-2013-4176.json +++ b/2013/4xxx/CVE-2013-4176.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4176", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4176", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4585.json b/2013/4xxx/CVE-2013-4585.json index 22fc144618e..60936619145 100644 --- a/2013/4xxx/CVE-2013-4585.json +++ b/2013/4xxx/CVE-2013-4585.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4585", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4585", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5210.json b/2013/5xxx/CVE-2013-5210.json index 6404893fe63..1b821efee36 100644 --- a/2013/5xxx/CVE-2013-5210.json +++ b/2013/5xxx/CVE-2013-5210.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://supportforums.adtran.com/docs/DOC-6414", - "refsource" : "CONFIRM", - "url" : "https://supportforums.adtran.com/docs/DOC-6414" - }, - { - "name" : "https://supportforums.adtran.com/servlet/JiveServlet/downloadBody/6414-102-3-7862/NetVanta%207000%20Series%20Products%20AOS%20R10.8.1%20Release%20Notes.pdf", - "refsource" : "CONFIRM", - "url" : "https://supportforums.adtran.com/servlet/JiveServlet/downloadBody/6414-102-3-7862/NetVanta%207000%20Series%20Products%20AOS%20R10.8.1%20Release%20Notes.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://supportforums.adtran.com/servlet/JiveServlet/downloadBody/6414-102-3-7862/NetVanta%207000%20Series%20Products%20AOS%20R10.8.1%20Release%20Notes.pdf", + "refsource": "CONFIRM", + "url": "https://supportforums.adtran.com/servlet/JiveServlet/downloadBody/6414-102-3-7862/NetVanta%207000%20Series%20Products%20AOS%20R10.8.1%20Release%20Notes.pdf" + }, + { + "name": "https://supportforums.adtran.com/docs/DOC-6414", + "refsource": "CONFIRM", + "url": "https://supportforums.adtran.com/docs/DOC-6414" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5221.json b/2013/5xxx/CVE-2013-5221.json index eaa3404b670..b292ad28343 100644 --- a/2013/5xxx/CVE-2013-5221.json +++ b/2013/5xxx/CVE-2013-5221.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.esri.com/en/knowledgebase/techarticles/detail/41497", - "refsource" : "CONFIRM", - "url" : "http://support.esri.com/en/knowledgebase/techarticles/detail/41497" - }, - { - "name" : "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009", - "refsource" : "CONFIRM", - "url" : "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or 
(2) administrator privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.esri.com/en/knowledgebase/techarticles/detail/41497", + "refsource": "CONFIRM", + "url": "http://support.esri.com/en/knowledgebase/techarticles/detail/41497" + }, + { + "name": "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009", + "refsource": "CONFIRM", + "url": "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5223.json b/2013/5xxx/CVE-2013-5223.json index a8dea0c7350..d2633a10cef 100644 --- a/2013/5xxx/CVE-2013-5223.json +++ b/2013/5xxx/CVE-2013-5223.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131110 D-Link Router 2760N (DSL-2760U-BN) Multiple XSS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Nov/76" - }, - { - "name" : "http://packetstormsecurity.com/files/123976", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123976" - }, - { - "name" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002", - "refsource" : "CONFIRM", - "url" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002" - }, - { - "name" : "99603", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99603" - }, - { - "name" : "99604", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99604" - }, - { - "name" : "99605", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99605" - }, - { - "name" : "99606", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99606" - }, - { - "name" : "99607", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99607" - }, - { - "name" : "99608", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99608" - }, - { - "name" : "99609", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99609" - }, - { - "name" : "99610", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99610" - }, - { - "name" : "99611", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99611" - }, - { - "name" : "99612", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99612" - }, - { - "name" : "99613", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/99613" - }, - { - "name" : "99615", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99615" - }, - { - "name" : "99616", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99616" - }, - { - "name" : "dlink-cve20135223-multiple-xss(88724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88724" - }, - { - "name" : "dlink-cve20135223-xss(88723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99611", + "refsource": "OSVDB", + "url": "http://osvdb.org/99611" + }, + { + "name": "99609", + "refsource": "OSVDB", + "url": "http://osvdb.org/99609" + }, + { + "name": "dlink-cve20135223-xss(88723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88723" + }, + { + "name": "dlink-cve20135223-multiple-xss(88724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88724" + }, + { + "name": "99605", + "refsource": "OSVDB", + "url": "http://osvdb.org/99605" + }, + { + "name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002", + "refsource": "CONFIRM", + "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002" + }, + { + "name": "99607", + "refsource": "OSVDB", + "url": "http://osvdb.org/99607" + }, + { + "name": "99608", + "refsource": "OSVDB", + "url": "http://osvdb.org/99608" + }, + { + "name": "99606", + "refsource": "OSVDB", + "url": "http://osvdb.org/99606" + }, + { + "name": "99610", + "refsource": "OSVDB", + "url": "http://osvdb.org/99610" + }, + { + "name": "99604", + "refsource": "OSVDB", + "url": "http://osvdb.org/99604" + }, + { + "name": "99615", + "refsource": "OSVDB", + "url": "http://osvdb.org/99615" + }, + { + "name": "20131110 D-Link Router 2760N (DSL-2760U-BN) Multiple XSS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Nov/76" + }, + { + "name": "99603", + "refsource": "OSVDB", + "url": "http://osvdb.org/99603" + }, + { + "name": "99612", + "refsource": "OSVDB", + "url": "http://osvdb.org/99612" + }, + { + "name": "99616", + "refsource": "OSVDB", + "url": "http://osvdb.org/99616" + }, + { + "name": "http://packetstormsecurity.com/files/123976", + "refsource": "MISC", + "url": 
"http://packetstormsecurity.com/files/123976" + }, + { + "name": "99613", + "refsource": "OSVDB", + "url": "http://osvdb.org/99613" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5687.json b/2013/5xxx/CVE-2013-5687.json index 683d33347bf..3ea31fde422 100644 --- a/2013/5xxx/CVE-2013-5687.json +++ b/2013/5xxx/CVE-2013-5687.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5687", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5687", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5793.json b/2013/5xxx/CVE-2013-5793.json index 63661ae937c..4b22e4f2ccc 100644 --- a/2013/5xxx/CVE-2013-5793.json +++ b/2013/5xxx/CVE-2013-5793.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "63116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63116" - }, - { - "name" : "1029184", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63116" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "1029184", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029184" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2696.json b/2014/2xxx/CVE-2014-2696.json index 277a84a4004..57f74f3d64d 100644 --- a/2014/2xxx/CVE-2014-2696.json +++ b/2014/2xxx/CVE-2014-2696.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-2696",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-2696",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/0xxx/CVE-2017-0040.json b/2017/0xxx/CVE-2017-0040.json
index d3743b5449c..4195f314f49 100644
--- a/2017/0xxx/CVE-2017-0040.json
+++ b/2017/0xxx/CVE-2017-0040.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "The scripting engine in Microsoft Internet Explorer 9 through 11" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\" This vulnerability is different from that described in CVE-2017-0130." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "The scripting engine in Microsoft Internet Explorer 9 through 11" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf", - "refsource" : "MISC", - "url" : "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040", - "refsource" : "CONFIRM", - "url" : 
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040" - }, - { - "name" : "96094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96094" - }, - { - "name" : "1038008", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\" This vulnerability is different from that described in CVE-2017-0130." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf", + "refsource": "MISC", + "url": "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf" + }, + { + "name": "96094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96094" + }, + { + "name": "1038008", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038008" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0489.json b/2017/0xxx/CVE-2017-0489.json index ada546ae489..ac3c80cb4e1 100644 --- a/2017/0xxx/CVE-2017-0489.json +++ b/2017/0xxx/CVE-2017-0489.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96792" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "96792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96792" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000421.json b/2017/1000xxx/CVE-2017-1000421.json index e8646c598d7..85c0a67673d 100644 --- a/2017/1000xxx/CVE-2017-1000421.json +++ b/2017/1000xxx/CVE-2017-1000421.json 
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000421", - "REQUESTER" : "junxzm@hotmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Gifsicle (Gifview)", - "version" : { - "version_data" : [ - { - "version_value" : "1.89 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Eddie Kohler" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-After-Free" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000421", + "REQUESTER": "junxzm@hotmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1233-1] gifsicle security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00006.html" - }, - { - "name" : "https://github.com/kohler/gifsicle/issues/114", - "refsource" : "CONFIRM", - "url" : "https://github.com/kohler/gifsicle/issues/114" - }, - { - "name" : "DSA-4084", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1233-1] gifsicle security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00006.html" + }, + { + "name": "DSA-4084", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4084" + }, + { + "name": "https://github.com/kohler/gifsicle/issues/114", + "refsource": "CONFIRM", + "url": "https://github.com/kohler/gifsicle/issues/114" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000453.json b/2017/1000xxx/CVE-2017-1000453.json index 951a1e634c0..af933c1895b 100644 --- a/2017/1000xxx/CVE-2017-1000453.json +++ b/2017/1000xxx/CVE-2017-1000453.json 
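Review bot: The new side of CVE-2017-1000421.json replaces the structured `affects` and `problemtype` values with `n/a`, so the vendor, product, affected version ("1.89 and older") and weakness type now survive only in the free-text description; the CVE-2017-1000453.json hunk that follows does the same to "CMS Made Simple" and "Server Side Template Injection". Tooling that matches records on `product_name` or `vendor_name` would no longer tie these entries to Gifsicle or CMS Made Simple. Unless the upstream record really dropped these fields, keep the earlier values, e.g. `"product_name": "Gifsicle (Gifview)"`, `"vendor_name": "Eddie Kohler"` and `"value": "Use-After-Free"`. Both hunks also change `ASSIGNER` from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org`, which the commit message does not explain.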
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000453", - "REQUESTER" : "m.daniel.legall@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CMS Made Simple", - "version" : { - "version_data" : [ - { - "version_value" : "2.1.6, 2.2" - } - ] - } - } - ] - }, - "vendor_name" : "CMS Made Simple" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server Side Template Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000453", + "REQUESTER": "m.daniel.legall@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/", - "refsource" : "MISC", - "url" : "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/", + "refsource": "MISC", + "url": "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12096.json b/2017/12xxx/CVE-2017-12096.json index 6b42b62bc70..612ffb5bcbf 100644 --- a/2017/12xxx/CVE-2017-12096.json +++ b/2017/12xxx/CVE-2017-12096.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-31T00:00:00", - "ID" : "CVE-2017-12096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Circle", - "version" : { - "version_data" : [ - { - "version_value" : "firmware 2.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Circle Media" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed \"deauth\" packets to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "access point deauthorization" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-31T00:00:00", + "ID": "CVE-2017-12096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Circle", + "version": { + "version_data": [ + { + "version_value": "firmware 2.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Circle Media" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0448", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable vulnerability exists in the WiFi 
management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed \"deauth\" packets to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "access point deauthorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0448", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0448" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12168.json b/2017/12xxx/CVE-2017-12168.json index d0bc91d69b5..863834a9811 100644 --- a/2017/12xxx/CVE-2017-12168.json +++ b/2017/12xxx/CVE-2017-12168.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-12168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux kernel before 4.9", - "version" : { - "version_data" : [ - { - "version_value" : "Linux kernel before 4.9" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "assert failure CWE-617" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-12168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux kernel before 4.9", + "version": { + "version_data": [ + { + "version_value": "Linux kernel before 4.9" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1492984", - "refsource" : 
"CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1492984" - }, - { - "name" : "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "assert failure CWE-617" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12551.json b/2017/12xxx/CVE-2017-12551.json index b901725842b..f74ebfb467b 100644 --- a/2017/12xxx/CVE-2017-12551.json 
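Review bot: The `affects` block of CVE-2017-12168 still carries `"version_value": "Linux kernel before 4.9"`, while the description on the new side says the flaw is in the Linux kernel before 4.8.11, and the `ChangeLog-4.8.11` reference names the same release. A consumer that matches on `version_value` will report 4.8.11 and later 4.8.x kernels as affected, which the description contradicts. This sync already rewrites the record (it reorders the four `reference_data` entries), so the version string could be aligned with the description, e.g. `"product_name": "Linux kernel"` with `"version_value": "before 4.8.11"`. That wording is a suggestion and should be confirmed against the assigning CNA's data.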
+++ b/2017/12xxx/CVE-2017-12551.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2017-12551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2017-12551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "name" : "101029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101029" - }, - { - "name" : "1039437", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039437", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039437" + }, + { + "name": "101029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101029" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12578.json b/2017/12xxx/CVE-2017-12578.json index 434562658eb..d1f7d60a9b4 100644 --- a/2017/12xxx/CVE-2017-12578.json +++ b/2017/12xxx/CVE-2017-12578.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12578", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12578", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/12xxx/CVE-2017-12676.json b/2017/12xxx/CVE-2017-12676.json index 8803cb73259..c21e531bc4a 100644 --- a/2017/12xxx/CVE-2017-12676.json +++ b/2017/12xxx/CVE-2017-12676.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/618", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/618" - }, - { - "name" : "100225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/618", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/618" + }, + { + "name": "100225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100225" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16357.json b/2017/16xxx/CVE-2017-16357.json index 5130df5ac51..2d05aacd78f 100644 --- a/2017/16xxx/CVE-2017-16357.json +++ b/2017/16xxx/CVE-2017-16357.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a" - }, - { - "name" : "https://github.com/radare/radare2/issues/8742", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/issues/8742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() 
in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/issues/8742", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/issues/8742" + }, + { + "name": "https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16509.json b/2017/16xxx/CVE-2017-16509.json index e9096e3498e..c123d991ce3 100644 --- a/2017/16xxx/CVE-2017-16509.json +++ b/2017/16xxx/CVE-2017-16509.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16509", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16509", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file 
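Review bot: The new side of CVE-2017-16509.json uses a different key order from the other records in this commit. It starts with `data_type`, `data_format`, `data_version` and orders `CVE_data_meta` as `ID`, `ASSIGNER`, `STATE`, whereas CVE-2017-16357.json just above keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. The same layout appears in the REJECT records CVE-2017-4167, CVE-2017-4305 and CVE-2017-4694 further down. Key order carries no meaning in JSON, but two layouts in one tree make byte-level diffs and file hashes noisy, so change-detection or integrity tooling should compare parsed or canonicalized content. Writing every record through one serializer with a fixed key order would avoid the mismatch.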
diff --git a/2017/16xxx/CVE-2017-16777.json b/2017/16xxx/CVE-2017-16777.json index 087b2c4263a..d46623ed928 100644 --- a/2017/16xxx/CVE-2017-16777.json +++ b/2017/16xxx/CVE-2017-16777.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43219", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43219/" - }, - { - "name" : "https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html", - "refsource" : "MISC", - "url" : "https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory 
and exploit the suid sudo helper in order to escalate to root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html", + "refsource": "MISC", + "url": "https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html" + }, + { + "name": "43219", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43219/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16928.json b/2017/16xxx/CVE-2017-16928.json index 818feb1d5f5..3a40bac5218 100644 --- a/2017/16xxx/CVE-2017-16928.json +++ b/2017/16xxx/CVE-2017-16928.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43925", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43925/" - }, - { - "name" : "http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html" - }, - { - "name" : "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html", - "refsource" : "MISC", - "url" : "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43925", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43925/" + }, + { + "name": "http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html" + }, + { + "name": "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html", + "refsource": "MISC", + "url": "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4028.json b/2017/4xxx/CVE-2017-4028.json index 16e22f17334..509ec753cc1 100644 --- a/2017/4xxx/CVE-2017-4028.json +++ b/2017/4xxx/CVE-2017-4028.json 
@@ -1,151 +1,151 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "DATE_PUBLIC" : "2017-05-12T17:00:00.000Z", - "ID" : "CVE-2017-4028", - "STATE" : "PUBLIC", - "TITLE" : "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "McAfee Anti-Virus Plus (AVP)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "170329", - "version_value" : "29 Mar 2017" - } - ] - } - }, - { - "product_name" : "McAfee Endpoint Security (ENS)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "10.2", - "version_value" : "10.2 DAT V3 DAT 2932.0" - } - ] - } - }, - { - "product_name" : "McAfee Host Intrusion Prevention (Host IPS)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "8.0", - "version_value" : "8.0 Patch 9 Hotfix 1188590" - } - ] - } - }, - { - "product_name" : "McAfee Internet Security (MIS)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "170329", - "version_value" : "29 Mar 2017" - } - ] - } - }, - { - "product_name" : "McAfee Total Protection (MTP)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "170329", - "version_value" : "29 Mar 2017" - } - ] - } - }, - { - "product_name" : "McAfee Virus Scan Enterprise (VSE)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "8.8", - "version_value" : "8.8 Patch 8/9 Hotfix 1187884" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code 
into a debugged McAfee process via manipulation of registry parameters." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Maliciously misconfigured registry vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "DATE_PUBLIC": "2017-05-12T17:00:00.000Z", + "ID": "CVE-2017-4028", + "STATE": "PUBLIC", + "TITLE": "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee Anti-Virus Plus (AVP)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "170329", + "version_value": "29 Mar 2017" + } + ] + } + }, + { + "product_name": "McAfee Endpoint Security (ENS)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "10.2", + "version_value": "10.2 DAT V3 DAT 2932.0" + } + ] + } + }, + { + "product_name": "McAfee Host Intrusion Prevention (Host IPS)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "8.0", + "version_value": "8.0 Patch 9 Hotfix 1188590" + } + ] + } + }, + { + "product_name": "McAfee Internet Security (MIS)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "170329", + "version_value": "29 Mar 2017" + } + ] + } + }, + { + "product_name": "McAfee Total Protection (MTP)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "170329", + "version_value": "29 Mar 2017" + } + ] + } + }, 
+ { + "product_name": "McAfee Virus Scan Enterprise (VSE)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "8.8", + "version_value": "8.8 Patch 8/9 Hotfix 1187884" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10193", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10193" - }, - { - "name" : "97958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97958" - } - ] - }, - "source" : { - "advisory" : "SB10193", - "discovery" : "EXTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Maliciously misconfigured registry vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10193", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10193" + }, + { + "name": "97958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97958" + } + ] + }, + "source": { + "advisory": "SB10193", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4167.json b/2017/4xxx/CVE-2017-4167.json index 28dda911b72..d380f1a2aeb 100644 --- a/2017/4xxx/CVE-2017-4167.json +++ b/2017/4xxx/CVE-2017-4167.json 
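Review bot: The `version_data` entries of CVE-2017-4028 put the comparison operator under the key `affected` (`"affected": "<"`), while CVE-2018-18337 in this same commit uses `version_affected` for the same purpose. A consumer that reads only `version_affected` would presumably miss the `<` qualifier here and could treat `10.2`, `8.0` or `8.8` as exact affected versions rather than upper bounds, under-reporting older vulnerable installs. If the schema the repository validates against expects `version_affected`, each entry should read `"version_affected": "<"`; this needs checking against that schema before changing.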
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4167", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4167", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4305.json b/2017/4xxx/CVE-2017-4305.json index 306ef5966ac..87fa1434a5c 100644 --- a/2017/4xxx/CVE-2017-4305.json +++ b/2017/4xxx/CVE-2017-4305.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4305", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4305", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4694.json b/2017/4xxx/CVE-2017-4694.json index d7221739d4c..d2a6bbb76eb 100644 --- a/2017/4xxx/CVE-2017-4694.json +++ b/2017/4xxx/CVE-2017-4694.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4694", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4694", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18054.json b/2018/18xxx/CVE-2018-18054.json index 4bae6a19b1a..357d2e73db4 100644 --- a/2018/18xxx/CVE-2018-18054.json +++ b/2018/18xxx/CVE-2018-18054.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18054", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18054", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18101.json b/2018/18xxx/CVE-2018-18101.json index 45790e777d7..63891aa113b 100644 --- a/2018/18xxx/CVE-2018-18101.json +++ b/2018/18xxx/CVE-2018-18101.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18101", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18101", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18337.json b/2018/18xxx/CVE-2018-18337.json index 18e81ca5efe..2a6db17def3 100644 --- a/2018/18xxx/CVE-2018-18337.json +++ b/2018/18xxx/CVE-2018-18337.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-18337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-18337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/886753", - "refsource" : "MISC", - "url" : "https://crbug.com/886753" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4352", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4352" - }, - { - "name" : "RHSA-2018:3803", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3803" - }, - { - "name" : "106084", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/106084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/886753", + "refsource": "MISC", + "url": "https://crbug.com/886753" + }, + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + }, + { + "name": "RHSA-2018:3803", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3803" + }, + { + "name": "DSA-4352", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4352" + }, + { + "name": "106084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106084" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5573.json b/2018/5xxx/CVE-2018-5573.json index 5099e15afd8..507cda6c585 100644 --- a/2018/5xxx/CVE-2018-5573.json +++ b/2018/5xxx/CVE-2018-5573.json 
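Review bot: The `ASSIGNER` value for CVE-2018-18337 changes from `chrome-cve-admin@google.com` to `security@google.com` in this hunk, and it is the only value change visible in these hunks. Everything else is separator spacing (`" : "` to `": "`), re-indentation and a reordering of the same `reference_data` entries (here and in the CVE-2018-5686 hunk). Under the "-Synchronized-Data." subject this is easy to miss in a line diff, so tooling that attributes records to a CNA by `ASSIGNER` should compare the parsed JSON before and after rather than the text. If the change is intended, a line in the commit description such as `CVE-2018-18337: ASSIGNER updated to security@google.com` would make it auditable.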
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5639.json b/2018/5xxx/CVE-2018-5639.json index 0d9cb8e5d19..15d7137612d 100644 --- a/2018/5xxx/CVE-2018-5639.json +++ b/2018/5xxx/CVE-2018-5639.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5639", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5639", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5686.json b/2018/5xxx/CVE-2018-5686.json index 0212dff806b..7e10323cede 100644 --- a/2018/5xxx/CVE-2018-5686.json +++ b/2018/5xxx/CVE-2018-5686.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=698860", - "refsource" : "MISC", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698860" - }, - { - "name" : "DSA-4334", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4334" - }, - { - "name" : "GLSA-201811-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-15" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function 
(pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=698860", + "refsource": "MISC", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698860" + }, + { + "name": "GLSA-201811-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-15" + }, + { + "name": "DSA-4334", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4334" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5824.json b/2018/5xxx/CVE-2018-5824.json index 8b3dcc11c70..37c710dfd36 100644 --- a/2018/5xxx/CVE-2018-5824.json +++ b/2018/5xxx/CVE-2018-5824.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2018-5824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2018-5824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5970.json b/2018/5xxx/CVE-2018-5970.json index 4d77678df39..c6f33d5b33e 100644 --- a/2018/5xxx/CVE-2018-5970.json +++ b/2018/5xxx/CVE-2018-5970.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44116", - "refsource" : "EXPLOIT-DB", - "url" : "https://exploit-db.com/exploits/44116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44116", + "refsource": "EXPLOIT-DB", + "url": "https://exploit-db.com/exploits/44116" + } + ] + } +} \ No newline at end of file