diff --git a/2001/0xxx/CVE-2001-0334.json b/2001/0xxx/CVE-2001-0334.json
index e7653dcb1c8..983bcbcdc50 100644
--- a/2001/0xxx/CVE-2001-0334.json
+++ b/2001/0xxx/CVE-2001-0334.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026" - }, - { - "name" : "iis-ftp-wildcard-dos(6535)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026" + }, + { + "name": "iis-ftp-wildcard-dos(6535)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6535" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0447.json b/2001/0xxx/CVE-2001-0447.json index 9fe208948fb..a0176d9a15c 100644 --- a/2001/0xxx/CVE-2001-0447.json +++ b/2001/0xxx/CVE-2001-0447.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing \"%2e\" (dot dot) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010326 602Pro Lansuite Denial Of Service 1.0.34", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/171418" - }, - { - "name" : "2514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing \"%2e\" (dot dot) characters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2514" + }, + { + "name": "20010326 602Pro Lansuite Denial Of Service 1.0.34", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/171418" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0537.json b/2001/0xxx/CVE-2001-0537.json index 1fd79436ffc..14706ab6d53 100644 --- a/2001/0xxx/CVE-2001-0537.json +++ b/2001/0xxx/CVE-2001-0537.json 
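Review bot: The `reference_data` entries in this hunk are reordered with no change to their content (the BID `2514` entry and the BUGTRAQ `20010326 602Pro Lansuite Denial Of Service 1.0.34` entry swap places). The later hunks for CVE-2001-0537, CVE-2001-0962, CVE-2001-1353, CVE-2006-2843, CVE-2006-2874 and CVE-2006-2890 shuffle their references the same way, which suggests the writer does not emit a stable order. With that much churn, a real record change such as the `ASSIGNER` value going from `cve@mitre.org` to `secalert@redhat.com` in CVE-2008-5014 is easy to miss in review, so the serializer should keep the existing order or sort by a fixed key. Every completed file in this diff also now ends with `\ No newline at end of file` after the final `+}`, where the old side had a trailing newline; the writer should emit one after the closing `}`.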
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010627 IOS HTTP authorization vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html" - }, - { - "name" : "20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com" - }, - { - "name" : "20010702 Cisco IOS HTTP Configuration Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org" - }, - { - "name" : "20010702 Cisco device HTTP exploit...", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu" - }, - { - "name" : "20010702 ios-http-auth.sh", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com" - }, - { - "name" : "CA-2001-14", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-14.html" - }, - { - "name" : "L-106", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-106.shtml" - }, - { - "name" : "2936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2936" - }, - { - "name" : "578", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/578" - }, - { - "name" : "cisco-ios-admin-access(6749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2001-14", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-14.html" + }, + { + "name": "20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com" + }, + { + "name": "20010627 IOS HTTP authorization vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html" + }, + { + "name": "20010702 ios-http-auth.sh", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com" + }, + { + "name": "20010702 Cisco IOS HTTP Configuration Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org" + }, + { + "name": "578", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/578" + }, + { + "name": "20010702 Cisco device HTTP exploit...", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu" + }, + { + "name": "L-106", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-106.shtml" + }, + { + "name": "2936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2936" + }, + { + "name": "cisco-ios-admin-access(6749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6749" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0962.json b/2001/0xxx/CVE-2001-0962.json index a476a873a95..17da59cf404 100644 --- a/2001/0xxx/CVE-2001-0962.json +++ b/2001/0xxx/CVE-2001-0962.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010919 Websphere cookie/sessionid predictable", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html" - }, - { - "name" : "20010928 Re: Websphere cookie/sessionid predictable", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html" - }, - { - "name" : "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p" - }, - { - "name" : "ibm-websphere-seq-predict(7153)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153" - }, - { - "name" : "5492", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010928 Re: Websphere cookie/sessionid predictable", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html" + }, + { + "name": "20010919 Websphere cookie/sessionid predictable", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html" + }, + { + "name": "ibm-websphere-seq-predict(7153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153" + }, + { + "name": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p" + }, + { + "name": "5492", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5492" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1353.json b/2001/1xxx/CVE-2001-1353.json index ada2ecc7727..bceb1a889c1 100644 --- a/2001/1xxx/CVE-2001-1353.json +++ b/2001/1xxx/CVE-2001-1353.json 
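Review bot: The two BUGTRAQ references in this record, `20010919 Websphere cookie/sessionid predictable` and `20010928 Re: Websphere cookie/sessionid predictable`, both carry the same `url` value `http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html`. Two posts dated nine days apart are unlikely to share one archive message, so one of the links is probably wrong; it was already so on the old side and the rewrite carries it over unchanged. Since this commit rewrites the whole record anyway, it would be worth checking the `20010928 Re:` entry against the archive and correcting its `url`, or dropping the duplicate if the follow-up cannot be located.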
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://marc.info/?l=lprng&m=100083210910857&w=2", - "refsource" : "MISC", - "url" : "http://marc.info/?l=lprng&m=100083210910857&w=2" - }, - { - "name" : "HPSBUX0112-009", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q4/0069.html" - }, - { - "name" : "RHSA-2001:112", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2001-112.html" - }, - { - "name" : "RHSA-2001:138", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-138.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' 
user via the file operator, even with -dSAFER enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2001:138", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-138.html" + }, + { + "name": "http://marc.info/?l=lprng&m=100083210910857&w=2", + "refsource": "MISC", + "url": "http://marc.info/?l=lprng&m=100083210910857&w=2" + }, + { + "name": "HPSBUX0112-009", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q4/0069.html" + }, + { + "name": "RHSA-2001:112", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2001-112.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2843.json b/2006/2xxx/CVE-2006-2843.json index 123ac8740c5..32342d443ba 100644 --- a/2006/2xxx/CVE-2006-2843.json +++ b/2006/2xxx/CVE-2006-2843.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060602 Redaxo CMS <= 3.2 Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435733/100/0/threaded" - }, - { - "name" : "1861", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1861" - }, - { - "name" : "18229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18229" - }, - { - "name" : "ADV-2006-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2109" - }, - { - "name" : "1016213", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016213" - }, - { - "name" : "20408", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20408" - }, - { - "name" : "1043", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1043" - }, - { - "name" : "redaxo-rex-file-include(26887)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016213", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016213" + }, + { + "name": "ADV-2006-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2109" + }, + { + "name": "20408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20408" + }, + { + "name": "redaxo-rex-file-include(26887)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26887" + }, + { + "name": "18229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18229" + }, + { + "name": "1861", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1861" + }, + { + "name": "20060602 Redaxo CMS <= 3.2 Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435733/100/0/threaded" + }, + { + "name": "1043", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1043" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2874.json b/2006/2xxx/CVE-2006-2874.json index 67ee290b31d..4a625f8fe2b 100644 
--- a/2006/2xxx/CVE-2006-2874.json
+++ b/2006/2xxx/CVE-2006-2874.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a \"Security Leak to lock in HTML-Code,\" possibly due to a cross-site scripting (XSS) vulnerability involving comments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=422081", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=422081" - }, - { - "name" : "http://osads.sourceforge.net/viewtopic.php?t=3", - "refsource" : "CONFIRM", - "url" : "http://osads.sourceforge.net/viewtopic.php?t=3" - }, - { - "name" : "18280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18280" - }, - { - "name" : "ADV-2006-2143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2143" - }, - { - "name" : "20441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20441" - }, - { - "name" : 
"osads-comments-xss(26914)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a \"Security Leak to lock in HTML-Code,\" possibly due to a cross-site scripting (XSS) vulnerability involving comments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "osads-comments-xss(26914)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26914" + }, + { + "name": "http://osads.sourceforge.net/viewtopic.php?t=3", + "refsource": "CONFIRM", + "url": "http://osads.sourceforge.net/viewtopic.php?t=3" + }, + { + "name": "ADV-2006-2143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2143" + }, + { + "name": "18280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18280" + }, + { + "name": "20441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20441" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=422081", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=422081" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2890.json b/2006/2xxx/CVE-2006-2890.json index aadf109ce7a..0e06e166dc2 100644 --- a/2006/2xxx/CVE-2006-2890.json +++ b/2006/2xxx/CVE-2006-2890.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION[\"pixelpost_admin\"] parameter to 1 in calls to admin scripts such as admin/view_info.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060603 Pixelpost <= 1-5rc1-2 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435856/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/pixelpost_15rc12_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/pixelpost_15rc12_xpl.html" - }, - { - "name" : "18276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18276" - }, - { - "name" : "1016217", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016217" - }, - { - "name" : "1061", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1061" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION[\"pixelpost_admin\"] parameter to 1 in calls to admin scripts such as admin/view_info.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060603 Pixelpost <= 1-5rc1-2 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435856/100/0/threaded" + }, + { + "name": "http://retrogod.altervista.org/pixelpost_15rc12_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/pixelpost_15rc12_xpl.html" + }, + { + "name": "1061", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1061" + }, + { + "name": "18276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18276" + }, + { + "name": "1016217", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016217" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5014.json b/2008/5xxx/CVE-2008-5014.json index 09b07d6182d..0cb650562ae 100644 --- a/2008/5xxx/CVE-2008-5014.json +++ b/2008/5xxx/CVE-2008-5014.json 
@@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=436741", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=436741" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-50.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-50.html" - }, - { - "name" : "DSA-1669", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1669" - }, - { - "name" : "DSA-1671", - "refsource" : "DEBIAN", 
- "url" : "http://www.debian.org/security/2008/dsa-1671" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "DSA-1696", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1696" - }, - { - "name" : "FEDORA-2008-9669", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html" - }, - { - "name" : "FEDORA-2008-9667", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html" - }, - { - "name" : "MDVSA-2008:228", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228" - }, - { - "name" : "MDVSA-2008:235", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:235" - }, - { - "name" : "MDVSA-2008:230", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:230" - }, - { - "name" : "RHSA-2008:0977", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0977.html" - }, - { - "name" : "RHSA-2008:0978", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0978.html" - }, - { - "name" : "RHSA-2008:0976", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0976.html" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "SUSE-SA:2008:055", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html" - }, - { - "name" : "USN-667-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-667-1" - }, - { - "name" : "TA08-319A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-319A.html" - }, - { - "name" : "32281", - "refsource" : "BID", 
- "url" : "http://www.securityfocus.com/bid/32281" - }, - { - "name" : "oval:org.mitre.oval:def:9157", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9157" - }, - { - "name" : "1021182", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021182" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "32684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32684" - }, - { - "name" : "32798", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32798" - }, - { - "name" : "32778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32778" - }, - { - "name" : "32853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32853" - }, - { - "name" : "ADV-2008-3146", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3146" - }, - { - "name" : "32721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32721" - }, - { - "name" : "32845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32845" - }, - { - "name" : "32693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32693" - }, - { - "name" : "32694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32694" - }, - { - "name" : "32695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32695" - }, - { - "name" : "32714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32714" - }, - { - "name" : "32715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32715" - }, - { - "name" : "32011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32011" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - }, - { - "name" : "33434", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/33434" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32011" + }, + { + "name": "ADV-2008-3146", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3146" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=436741", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=436741" + }, + { + "name": "DSA-1671", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1671" + }, + { + "name": "32281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32281" + }, + { + "name": "FEDORA-2008-9667", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html" + }, + { + "name": "RHSA-2008:0977", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0977.html" + }, + { + "name": "MDVSA-2008:230", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:230" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "32695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32695" + }, + { + "name": "1021182", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021182" + }, + { + "name": "RHSA-2008:0978", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0978.html" + }, + { + "name": "DSA-1669", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1669" + }, + { + "name": "32778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32778" + }, + { + "name": "RHSA-2008:0976", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0976.html" + }, + { + "name": "FEDORA-2008-9669", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-50.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-50.html" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "SUSE-SA:2008:055", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html" + }, + { + "name": "32694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32694" + }, + { + "name": "32721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32721" + }, + { + "name": "TA08-319A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-319A.html" + }, + { + "name": "32853", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/32853" + }, + { + "name": "DSA-1696", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1696" + }, + { + "name": "oval:org.mitre.oval:def:9157", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9157" + }, + { + "name": "32715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32715" + }, + { + "name": "32693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32693" + }, + { + "name": "MDVSA-2008:228", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228" + }, + { + "name": "32845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32845" + }, + { + "name": "MDVSA-2008:235", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:235" + }, + { + "name": "33434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33434" + }, + { + "name": "32798", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32798" + }, + { + "name": "32684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32684" + }, + { + "name": "USN-667-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-667-1" + }, + { + "name": "32714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32714" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5029.json b/2008/5xxx/CVE-2008-5029.json index c07a24a4338..75a9880acb9 100644 --- a/2008/5xxx/CVE-2008-5029.json +++ b/2008/5xxx/CVE-2008-5029.json 
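Review bot: `"ASSIGNER": "secalert@redhat.com"` replaces `cve@mitre.org` in this record (CVE-2008-5014), and the hunk for CVE-2011-2212 makes the same change. These are the only value changes I can find among the hunks shown; everything else is respacing and reference reordering. Consumers that attribute or filter records by assigner will see a different result after this commit. Whether the reassignment is intended cannot be told from the diff, so it would be safer to carry it in its own commit, or at least name it in the commit message, where it can be checked against the CNA of record.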
@@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090101 Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499700/100/0/threaded" - }, - { - "name" : "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512019/100/0/threaded" - }, - { - "name" : "20090104 Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/499744/100/0/threaded" - }, - { - "name" : "20090103 Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-01/0006.html" - }, - { - "name" : "[linux-netdev] 20081106 UNIX sockets kernel panic", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-netdev&m=122593044330973&w=2" - }, - { - "name" : "[oss-security] 20081106 CVE request: kernel: Unix sockets kernel panic", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/11/06/1" - }, - { - "name" : "http://darkircop.org/unix.c", - "refsource" : "MISC", - "url" : "http://darkircop.org/unix.c" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=470201", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=470201" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.9", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.9" - }, - { - "name" : "DSA-1687", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1687" - }, - { - "name" : "DSA-1681", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1681" - }, - { - "name" : "MDVSA-2008:234", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:234" - }, - { - "name" : "RHSA-2009:0225", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0225.html" - }, - { - "name" : "RHSA-2009:0009", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0009.html" - }, - { - "name" : "RHSA-2009:0014", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0014.html" - }, - { - "name" : "RHSA-2009:1550", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1550.html" - }, - { - 
"name" : "SUSE-SA:2008:057", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html" - }, - { - "name" : "SUSE-SA:2009:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html" - }, - { - "name" : "USN-679-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-679-1" - }, - { - "name" : "32154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32154" - }, - { - "name" : "33079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33079" - }, - { - "name" : "oval:org.mitre.oval:def:11694", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11694" - }, - { - "name" : "oval:org.mitre.oval:def:9558", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9558" - }, - { - "name" : "1021292", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021292" - }, - { - "name" : "1021511", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021511" - }, - { - "name" : "32918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32918" - }, - { - "name" : "33180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33180" - }, - { - "name" : "33623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33623" - }, - { - "name" : "32998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32998" - }, - { - "name" : "33586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33586" - }, - { - "name" : "33641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33641" - }, - { - "name" : "33704", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33704" - }, - { - "name" : "33556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33556" - }, - { - "name" : "4573", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4573" - }, - { - "name" : "linux-kernel-scmdestroy-dos(46538)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32998" + }, + { + "name": "[oss-security] 20081106 CVE request: kernel: Unix sockets kernel panic", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/11/06/1" + }, + { + "name": "MDVSA-2008:234", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:234" + }, + { + "name": "RHSA-2009:0225", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0225.html" + }, + { + "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded" + }, + { + "name": "33641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33641" + }, + { + 
"name": "4573", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4573" + }, + { + "name": "33623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33623" + }, + { + "name": "RHSA-2009:0009", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0009.html" + }, + { + "name": "1021292", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021292" + }, + { + "name": "oval:org.mitre.oval:def:9558", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9558" + }, + { + "name": "1021511", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021511" + }, + { + "name": "RHSA-2009:0014", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0014.html" + }, + { + "name": "33586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33586" + }, + { + "name": "[linux-netdev] 20081106 UNIX sockets kernel panic", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-netdev&m=122593044330973&w=2" + }, + { + "name": "33556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33556" + }, + { + "name": "32154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32154" + }, + { + "name": "DSA-1687", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1687" + }, + { + "name": "32918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32918" + }, + { + "name": "20090104 Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499744/100/0/threaded" + }, + { + "name": "USN-679-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-679-1" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.9", + "refsource": "CONFIRM", + "url": 
"http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.9" + }, + { + "name": "linux-kernel-scmdestroy-dos(46538)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46538" + }, + { + "name": "33180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33180" + }, + { + "name": "RHSA-2009:1550", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html" + }, + { + "name": "http://darkircop.org/unix.c", + "refsource": "MISC", + "url": "http://darkircop.org/unix.c" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=470201", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470201" + }, + { + "name": "SUSE-SA:2008:057", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html" + }, + { + "name": "20090101 Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499700/100/0/threaded" + }, + { + "name": "33704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33704" + }, + { + "name": "DSA-1681", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1681" + }, + { + "name": "oval:org.mitre.oval:def:11694", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11694" + }, + { + "name": "20090103 Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-01/0006.html" + }, + { + "name": "33079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33079" + }, + { + "name": "SUSE-SA:2009:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html" + }, + { + "name": "SUSE-SA:2009:004", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5270.json b/2008/5xxx/CVE-2008-5270.json index 466291d8369..b29cad1eed8 100644 --- a/2008/5xxx/CVE-2008-5270.json +++ b/2008/5xxx/CVE-2008-5270.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5783", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5783" - }, - { - "name" : "29647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29647" - }, - { - "name" : "4651", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5783", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5783" + }, + { + "name": "29647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29647" + }, + { + "name": "4651", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4651" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5488.json b/2008/5xxx/CVE-2008-5488.json index ae5b287c34d..bacce518fc2 100644 --- a/2008/5xxx/CVE-2008-5488.json +++ b/2008/5xxx/CVE-2008-5488.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7037", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7037" - }, - { - "name" : "32170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32170" - }, - { - "name" : "ADV-2008-3048", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3048" - }, - { - "name" : "domainshop-admin-sql-injection(46435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands 
via the passfromform parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "domainshop-admin-sql-injection(46435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46435" + }, + { + "name": "32170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32170" + }, + { + "name": "ADV-2008-3048", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3048" + }, + { + "name": "7037", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7037" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2212.json b/2011/2xxx/CVE-2011-2212.json index e291ce91d24..6d761e5db43 100644 --- a/2011/2xxx/CVE-2011-2212.json +++ b/2011/2xxx/CVE-2011-2212.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to \"virtqueue in and out requests.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=713589", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=713589" - }, - { - "name" : "DSA-2282", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2011/dsa-2282" - }, - { - "name" : "RHSA-2011:0919", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-0919.html" - }, - { - "name" : "SUSE-SU-2011:0806", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/9605323" - }, - { - "name" : "openSUSE-SU-2011:0803", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html" - }, - { - 
"name" : "USN-1165-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1165-1" - }, - { - "name" : "74751", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/74751" - }, - { - "name" : "45158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45158" - }, - { - "name" : "45170", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45170" - }, - { - "name" : "45187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45187" - }, - { - "name" : "45188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45188" - }, - { - "name" : "45301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45301" - }, - { - "name" : "45354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to \"virtqueue in and out requests.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:0919", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-0919.html" + }, + { + "name": "45170", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45170" + }, + { + "name": "45354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45354" + }, + { + "name": "45301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45301" + }, + { + "name": "DSA-2282", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2011/dsa-2282" + }, + { + "name": "45158", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/45158" + }, + { + "name": "openSUSE-SU-2011:0803", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html" + }, + { + "name": "45188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45188" + }, + { + "name": "74751", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/74751" + }, + { + "name": "USN-1165-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1165-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=713589", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713589" + }, + { + "name": "45187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45187" + }, + { + "name": "SUSE-SU-2011:0806", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/9605323" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2637.json b/2011/2xxx/CVE-2011-2637.json index 5221629f588..6675bca78c2 100644 --- a/2011/2xxx/CVE-2011-2637.json +++ b/2011/2xxx/CVE-2011-2637.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by futura-sciences.com, seoptimise.com, and mitosyfraudes.org." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1110/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1110/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1110/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Opera before 11.10 allows remote 
attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by futura-sciences.com, seoptimise.com, and mitosyfraudes.org." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1110/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1110/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1110/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2686.json b/2011/2xxx/CVE-2011-2686.json index 644a7484385..6e5869e522d 100644 --- a/2011/2xxx/CVE-2011-2686.json +++ b/2011/2xxx/CVE-2011-2686.json 
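Review bot: The `reference_data` array in CVE-2011-2637 is rewritten in a different order (`.../windows/1110/`, `.../mac/1110/`, `.../unix/1110/` instead of mac, unix, windows) although its three entries are unchanged, and the new file ends with `\ No newline at end of file`. Reordering with no content change makes it hard to audit whether a reference URL was altered, added or dropped in a vulnerability record. If the order carries no meaning, the writer should emit it deterministically, for example sorted by `refsource` then `name`, and end the file with a newline. The same reshuffle and missing newline appear in the CVE-2011-2686, CVE-2011-2738, CVE-2011-3175, CVE-2011-3457, CVE-2011-3755 and CVE-2013-0701 hunks.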
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110711 CVE Request: ruby PRNG fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/11/1" - }, - { - "name" : "[oss-security] 20110712 Re: CVE Request: ruby PRNG fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/12/14" - }, - { - "name" : "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/20/1" - }, - { - "name" : "[oss-security] 20110720 Re: CVE Request: 
ruby PRNG fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/20/16" - }, - { - "name" : "http://redmine.ruby-lang.org/issues/show/4338", - "refsource" : "CONFIRM", - "url" : "http://redmine.ruby-lang.org/issues/show/4338" - }, - { - "name" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713", - "refsource" : "CONFIRM", - "url" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713" - }, - { - "name" : "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog" - }, - { - "name" : "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/", - "refsource" : "CONFIRM", - "url" : "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=722415", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=722415" - }, - { - "name" : "FEDORA-2011-9359", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html" - }, - { - "name" : "FEDORA-2011-9374", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html" - }, - { - "name" : "49015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49015" - }, - { - "name" : "ruby-random-number-dos(69032)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different 
child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110712 Re: CVE Request: ruby PRNG fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/12/14" + }, + { + "name": "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/", + "refsource": "CONFIRM", + "url": "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722415", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722415" + }, + { + "name": "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/20/16" + }, + { + "name": "http://redmine.ruby-lang.org/issues/show/4338", + "refsource": "CONFIRM", + "url": "http://redmine.ruby-lang.org/issues/show/4338" + }, + { + "name": "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog", + "refsource": "CONFIRM", + "url": "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog" + }, + { + "name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713", + "refsource": "CONFIRM", + "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713" + }, + { + "name": "FEDORA-2011-9374", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html" + }, + { + "name": "ruby-random-number-dos(69032)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69032" + }, + { + "name": "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2011/07/20/1" + }, + { + "name": "[oss-security] 20110711 CVE Request: ruby PRNG fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/11/1" + }, + { + "name": "49015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49015" + }, + { + "name": "FEDORA-2011-9359", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2738.json b/2011/2xxx/CVE-2011-2738.json index 3bd31d0a20d..ede8f1404d3 100644 --- a/2011/2xxx/CVE-2011-2738.json +++ b/2011/2xxx/CVE-2011-2738.json 
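Review bot: The only semantic change in the CVE-2011-2686 hunk is `"ASSIGNER": "secalert@redhat.com"` replacing `"ASSIGNER" : "cve@mitre.org"`, and it is buried in a full-file whitespace rewrite and reference reorder. The field attributes the record to a different assigner, so the change deserves its own commit, or at least a mention in the commit message, so that consumers filtering or trusting records by `ASSIGNER` can see when and why the attribution moved. The same applies to CVE-2011-2738 (`security_alert@emc.com`), CVE-2011-3457 (`product-security@apple.com`) and CVE-2013-0701 (`vultures@jpcert.or.jp`).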
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2011-2738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110914 ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519646/100/0/threaded" - }, - { - "name" : "20110914 Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml" - }, - { - "name" : "20110914 CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml" - }, - { - "name" : "49644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49644" - }, - { - "name" : "49627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49627" - }, - { - "name" : "75442", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/75442" - }, - { - "name" : "1026059", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026059" - }, - { - "name" : "1026046", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026046" - }, - { - "name" : "1026047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026047" - }, - { - "name" : "1026048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026048" - }, - { - "name" : "45979", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45979" - }, - { - "name" : "46016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46016" - }, - { - "name" : "46053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46053" - }, - { - "name" : "46052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46052" - }, - { - "name" : "cisco-unspecified-code-execution(69828)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46052" + }, + { + "name": "1026048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026048" + }, + { + "name": "46053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46053" + }, + { + "name": "45979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45979" + }, + { + "name": "20110914 CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml" + }, + { + "name": "75442", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/75442" + }, + { + "name": "cisco-unspecified-code-execution(69828)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69828" + }, + { + "name": "46016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46016" + }, + { + "name": "49627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49627" + }, + { + "name": "49644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49644" + }, + { + "name": "20110914 Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml" + }, + { + "name": "1026059", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026059" + }, + { + "name": "1026047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026047" + }, + { + "name": "1026046", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026046" + }, + { + "name": "20110914 ESA-2011-029: Buffer overflow 
vulnerability in multiple EMC Ionix products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519646/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3175.json b/2011/3xxx/CVE-2011-3175.json index 9f35ebc396b..8dc8733f459 100644 --- a/2011/3xxx/CVE-2011-3175.json +++ b/2011/3xxx/CVE-2011-3175.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120314 Novell ZENworks Configuration Management PreBoot Service Opcode 0x6c Stack Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=973" - }, - { - "name" : "19958", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/19958" - }, - { - "name" : "http://download.novell.com/Download?buildid=rs4B5jhWKf8~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=rs4B5jhWKf8~" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html", - "refsource" : "CONFIRM", 
- "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7010044", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7010044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7010044", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7010044" + }, + { + "name": "http://download.novell.com/Download?buildid=rs4B5jhWKf8~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=rs4B5jhWKf8~" + }, + { + "name": "20120314 Novell ZENworks Configuration Management PreBoot Service Opcode 0x6c Stack Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=973" + }, + { + "name": "19958", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/19958" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/3xxx/CVE-2011-3457.json b/2011/3xxx/CVE-2011-3457.json index 46d41a93f3b..310cc1a7b46 100644 --- a/2011/3xxx/CVE-2011-3457.json +++ b/2011/3xxx/CVE-2011-3457.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3755.json b/2011/3xxx/CVE-2011-3755.json index 8b0bb1e7270..396f00595ad 100644 --- a/2011/3xxx/CVE-2011-3755.json +++ b/2011/3xxx/CVE-2011-3755.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mantisbt-1.2.4", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mantisbt-1.2.4" - }, - { - "name" : "GLSA-201211-01", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-201211-01.xml" - }, - { - "name" : "51199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mantisbt-1.2.4", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mantisbt-1.2.4" + }, + { + "name": "GLSA-201211-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "51199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51199" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0583.json b/2013/0xxx/CVE-2013-0583.json index 2b4f677b038..44145654a49 100644 --- a/2013/0xxx/CVE-2013-0583.json +++ b/2013/0xxx/CVE-2013-0583.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0583", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0583", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0697.json b/2013/0xxx/CVE-2013-0697.json index 079714ba951..799d2e10d54 100644 --- a/2013/0xxx/CVE-2013-0697.json +++ b/2013/0xxx/CVE-2013-0697.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0697", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0697", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0701.json b/2013/0xxx/CVE-2013-0701.json index b62c2865e57..35e4dc57f22 100644 --- a/2013/0xxx/CVE-2013-0701.json +++ b/2013/0xxx/CVE-2013-0701.json 
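Review bot: The new side of CVE-2013-0697 uses a different key order from every other record in this diff: `data_type`, `data_format`, `data_version` come first, and `CVE_data_meta` lists `ID` before `ASSIGNER`. The other records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order is insignificant to a JSON parser, but the mismatch suggests this record came through a different writer than its siblings, which is worth confirming. If any consumer hashes or signs these files, all records should go through one serializer with a fixed key order so that the same content always yields the same bytes.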
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-0701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/20130125up02.php", - "refsource" : "CONFIRM", - "url" : "http://cs.cybozu.co.jp/information/20130125up02.php" - }, - { - "name" : "JVN#07629635", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN07629635/index.html" - }, - { - "name" : "JVNDB-2013-000007", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cs.cybozu.co.jp/information/20130125up02.php", + "refsource": "CONFIRM", + "url": "http://cs.cybozu.co.jp/information/20130125up02.php" + }, + { + "name": "JVNDB-2013-000007", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000007" + }, + { + "name": "JVN#07629635", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN07629635/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0790.json b/2013/0xxx/CVE-2013-0790.json index 493ef9939d2..ca292346df5 100644 --- a/2013/0xxx/CVE-2013-0790.json +++ b/2013/0xxx/CVE-2013-0790.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-30.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-30.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=842687", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=842687" - }, - { - "name" : "SUSE-SU-2013:0645", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=842687", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=842687" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-30.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-30.html" + }, + { + "name": "SUSE-SU-2013:0645", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1305.json b/2013/1xxx/CVE-2013-1305.json index ae11ec66266..82beccaa1cd 100644 --- a/2013/1xxx/CVE-2013-1305.json +++ b/2013/1xxx/CVE-2013-1305.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka \"HTTP.sys Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-039" - }, - { - "name" : "TA13-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" - }, - { - "name" : "oval:org.mitre.oval:def:16088", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial 
of service (infinite loop) via a crafted HTTP header, aka \"HTTP.sys Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" + }, + { + "name": "oval:org.mitre.oval:def:16088", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16088" + }, + { + "name": "MS13-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-039" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1335.json b/2013/1xxx/CVE-2013-1335.json index 95de4ad1d3c..339115b01ff 100644 --- a/2013/1xxx/CVE-2013-1335.json +++ b/2013/1xxx/CVE-2013-1335.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka \"Word Shape Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-043" - }, - { - "name" : "TA13-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" - }, - { - "name" : "oval:org.mitre.oval:def:16229", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka \"Word Shape 
Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16229", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16229" + }, + { + "name": "TA13-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" + }, + { + "name": "MS13-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-043" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1815.json b/2013/1xxx/CVE-2013-1815.json index 1ef65cf2d66..716d69f6edc 100644 --- a/2013/1xxx/CVE-2013-1815.json +++ b/2013/1xxx/CVE-2013-1815.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=917904", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=917904" - }, - { - "name" : "RHSA-2013:0671", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0671.html" - }, - { - "name" : "packstack-answerfile-information-disclosure(83017)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file 
in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "packstack-answerfile-information-disclosure(83017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83017" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=917904", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917904" + }, + { + "name": "RHSA-2013:0671", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0671.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4539.json b/2013/4xxx/CVE-2013-4539.json index 0d65e7e3fde..2ee4bea6196 100644 --- a/2013/4xxx/CVE-2013-4539.json +++ b/2013/4xxx/CVE-2013-4539.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html" - }, - { - "name" : "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=5193be3be35f29a35bc465036cd64ad60d43385f", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=5193be3be35f29a35bc465036cd64ad60d43385f" - }, - { - "name" : "FEDORA-2014-6288", - "refsource" : "FEDORA", - 
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=5193be3be35f29a35bc465036cd64ad60d43385f", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=5193be3be35f29a35bc465036cd64ad60d43385f" + }, + { + "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" + }, + { + "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html" + }, + { + "name": "FEDORA-2014-6288", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4705.json b/2013/4xxx/CVE-2013-4705.json index 0c5522c94be..6d40043b600 100644 --- a/2013/4xxx/CVE-2013-4705.json +++ b/2013/4xxx/CVE-2013-4705.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-4705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/unified/1500/", - "refsource" : "MISC", - "url" : "http://www.opera.com/docs/changelogs/unified/1500/" - }, - { - "name" : "JVN#01094166", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN01094166/index.html" - }, - { - "name" : "JVNDB-2013-000086", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#01094166", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN01094166/index.html" + }, + { + "name": "http://www.opera.com/docs/changelogs/unified/1500/", + "refsource": "MISC", + "url": "http://www.opera.com/docs/changelogs/unified/1500/" + }, + { + "name": "JVNDB-2013-000086", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000086" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4910.json b/2013/4xxx/CVE-2013-4910.json index badecd6fdaa..5b1ae9809e8 100644 --- a/2013/4xxx/CVE-2013-4910.json +++ b/2013/4xxx/CVE-2013-4910.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4910", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4910", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4938.json b/2013/4xxx/CVE-2013-4938.json index f160caa48a3..505c2f4a29e 100644 --- a/2013/4xxx/CVE-2013-4938.json 
+++ b/2013/4xxx/CVE-2013-4938.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40308", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40308" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=232497", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=232497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=232497", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=232497" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40308", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40308" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5646.json b/2013/5xxx/CVE-2013-5646.json index 8df2a67700e..8f73248c591 100644 --- a/2013/5xxx/CVE-2013-5646.json +++ b/2013/5xxx/CVE-2013-5646.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.roundcube.net/ticket/1489251", - "refsource" : "MISC", - "url" : "http://trac.roundcube.net/ticket/1489251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.roundcube.net/ticket/1489251", + "refsource": "MISC", + "url": "http://trac.roundcube.net/ticket/1489251" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000008.json b/2017/1000xxx/CVE-2017-1000008.json index b88b32e2f72..dbea88f1901 100644 --- a/2017/1000xxx/CVE-2017-1000008.json +++ b/2017/1000xxx/CVE-2017-1000008.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.261681", - "ID" : "CVE-2017-1000008", - "REQUESTER" : "cptest311@frontier.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chyrp Lite", - "version" : { - "version_data" : [ - { - "version_value" : "v2016.04 \"lago\". Older versions may also be affected but this has not been confirmed." - } - ] - } - } - ] - }, - "vendor_name" : "Daniel Pimley - @xenocrat on GitHub" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.261681", + "ID": "CVE-2017-1000008", + "REQUESTER": "cptest311@frontier.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/xenocrat/chyrp-lite/commit/79bb2de7f57d163d256b6bdb127dc09cfdb6235a", - "refsource" : "CONFIRM", - "url" : "https://github.com/xenocrat/chyrp-lite/commit/79bb2de7f57d163d256b6bdb127dc09cfdb6235a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/xenocrat/chyrp-lite/commit/79bb2de7f57d163d256b6bdb127dc09cfdb6235a", + "refsource": "CONFIRM", + "url": "https://github.com/xenocrat/chyrp-lite/commit/79bb2de7f57d163d256b6bdb127dc09cfdb6235a" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000095.json b/2017/1000xxx/CVE-2017-1000095.json index 9bd6f6842e4..60bd6e8c918 100644 --- a/2017/1000xxx/CVE-2017-1000095.json +++ b/2017/1000xxx/CVE-2017-1000095.json 
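Review bot: The new side of CVE-2017-1000008.json overwrites populated structured fields with `n/a`: `product_name` loses "Chyrp Lite", `version_value` and `vendor_name` lose their values, and the `problemtype` value loses "Cross Site Request Forgery (CSRF)". The free-text description still names the product and weakness, but tooling that matches on `affects` or classifies by `problemtype` will no longer find this record. The CVE-2017-1000095.json hunk does the same to "Jenkins Script Security Plugin", "1.29 and earlier" and "Whitelist includes unsafe entries". If the commit is meant as a formatting pass, the old values should be carried over, e.g. `"product_name": "Chyrp Lite",` and `"value": "Cross Site Request Forgery (CSRF)"`. Both hunks also change `ASSIGNER` from the distributedweaknessfiling.org address to `cve@mitre.org` while keeping `REQUESTER` and `DATE_ASSIGNED`, which is worth confirming as deliberate.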
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.313879", - "ID" : "CVE-2017-1000095", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Script Security Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.29 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Script Security Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than currentBuild.rawBuild. Additionally, the following entries allowed accessing private data that would not be accessible otherwise due to script security: groovy.json.JsonOutput.toJson(Closure); groovy.json.JsonOutput.toJson(Object)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Whitelist includes unsafe entries" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.313879", + "ID": "CVE-2017-1000095", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-07-10/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-07-10/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than currentBuild.rawBuild. Additionally, the following entries allowed accessing private data that would not be accessible otherwise due to script security: groovy.json.JsonOutput.toJson(Closure); groovy.json.JsonOutput.toJson(Object)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-07-10/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-07-10/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12008.json b/2017/12xxx/CVE-2017-12008.json index 2cf2af36f61..ec499f03b0a 100644 
--- a/2017/12xxx/CVE-2017-12008.json +++ b/2017/12xxx/CVE-2017-12008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12077.json b/2017/12xxx/CVE-2017-12077.json index e6bc5e401d8..40e3d499722 100644 --- a/2017/12xxx/CVE-2017-12077.json +++ b/2017/12xxx/CVE-2017-12077.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2017-08-28T00:00:00", - "ID" : "CVE-2017-12077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2017-08-28T00:00:00", + "ID": "CVE-2017-12077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_49_SRM", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_49_SRM" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the 
machine, causing a denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_49_SRM", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_49_SRM" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12576.json b/2017/12xxx/CVE-2017-12576.json index 0ed22c9ed39..c4eeb1678df 100644 --- a/2017/12xxx/CVE-2017-12576.json +++ b/2017/12xxx/CVE-2017-12576.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180821 CVE-2017-12576: an hidden management page in PLANEX CS-QR20", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Aug/27" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. 
The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180821 CVE-2017-12576: an hidden management page in PLANEX CS-QR20", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/27" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12750.json b/2017/12xxx/CVE-2017-12750.json index 32c1dfc257d..32df5971534 100644 --- a/2017/12xxx/CVE-2017-12750.json +++ b/2017/12xxx/CVE-2017-12750.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12750", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12750", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12914.json b/2017/12xxx/CVE-2017-12914.json index 7b42d6ad2d9..65d88c298ba 100644 --- a/2017/12xxx/CVE-2017-12914.json +++ b/2017/12xxx/CVE-2017-12914.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12914", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12914", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12994.json b/2017/12xxx/CVE-2017-12994.json index 46d9fcd3954..596304a2d9f 100644 --- a/2017/12xxx/CVE-2017-12994.json +++ b/2017/12xxx/CVE-2017-12994.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/ffde45acf3348f8353fb4064a1b21683ee6b5ddf", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/ffde45acf3348f8353fb4064a1b21683ee6b5ddf" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/ffde45acf3348f8353fb4064a1b21683ee6b5ddf", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/ffde45acf3348f8353fb4064a1b21683ee6b5ddf" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13490.json b/2017/13xxx/CVE-2017-13490.json index 24a2debe846..b7dbc4c34c0 100644 --- a/2017/13xxx/CVE-2017-13490.json +++ b/2017/13xxx/CVE-2017-13490.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13490", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13490", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13645.json b/2017/13xxx/CVE-2017-13645.json index 79f4fb40333..b0e36d94a03 100644 --- a/2017/13xxx/CVE-2017-13645.json +++ b/2017/13xxx/CVE-2017-13645.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13645", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13645", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16472.json b/2017/16xxx/CVE-2017-16472.json index 7b65aafd1fa..f4e3b724cf8 100644 --- a/2017/16xxx/CVE-2017-16472.json +++ b/2017/16xxx/CVE-2017-16472.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16472", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16472", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16527.json b/2017/16xxx/CVE-2017-16527.json index 240a4ee4473..2ca05db9286 100644 --- a/2017/16xxx/CVE-2017-16527.json +++ b/2017/16xxx/CVE-2017-16527.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" - }, - { - "name" : "https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4" - }, - { - "name" : "https://groups.google.com/d/msg/syzkaller/jf7GTr_g2CU/iVlLhMciCQAJ", - "refsource" : "MISC", - "url" : "https://groups.google.com/d/msg/syzkaller/jf7GTr_g2CU/iVlLhMciCQAJ" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/3754-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4" + }, + { + "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "https://groups.google.com/d/msg/syzkaller/jf7GTr_g2CU/iVlLhMciCQAJ", + "refsource": "MISC", + "url": "https://groups.google.com/d/msg/syzkaller/jf7GTr_g2CU/iVlLhMciCQAJ" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16639.json b/2017/16xxx/CVE-2017-16639.json index 55bba836f06..5f0628c8e55 100644 --- a/2017/16xxx/CVE-2017-16639.json +++ b/2017/16xxx/CVE-2017-16639.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180912 CVE-2017-16639 - Tor Browser Deanonymization With SMB", - "refsource" : "BUGTRAQ", - "url" : "https://seclists.org/bugtraq/2018/Sep/29" - }, - { - "name" : "http://packetstormsecurity.com/files/149351/Tor-Browser-SMB-Deanonymization-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149351/Tor-Browser-SMB-Deanonymization-Information-Disclosure.html" - }, - { - "name" : "https://www.wearesegment.com/research/tor-browser-deanonymization-with-smb/", - "refsource" : "MISC", - "url" : "https://www.wearesegment.com/research/tor-browser-deanonymization-with-smb/" - }, - { - "name" : "105346", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/105346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wearesegment.com/research/tor-browser-deanonymization-with-smb/", + "refsource": "MISC", + "url": "https://www.wearesegment.com/research/tor-browser-deanonymization-with-smb/" + }, + { + "name": "20180912 CVE-2017-16639 - Tor Browser Deanonymization With SMB", + "refsource": "BUGTRAQ", + "url": "https://seclists.org/bugtraq/2018/Sep/29" + }, + { + "name": "http://packetstormsecurity.com/files/149351/Tor-Browser-SMB-Deanonymization-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149351/Tor-Browser-SMB-Deanonymization-Information-Disclosure.html" + }, + { + "name": "105346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105346" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16745.json b/2017/16xxx/CVE-2017-16745.json index 07580650a91..328e617e6b6 100644 --- a/2017/16xxx/CVE-2017-16745.json +++ b/2017/16xxx/CVE-2017-16745.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-16745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Delta Electronics Delta Industrial Automation Screen Editor", - "version" : { - "version_data" : [ - { - "version_value" : "Delta Electronics Delta Industrial Automation Screen Editor" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-16745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Delta Electronics Delta Industrial Automation Screen Editor", + "version": { + "version_data": [ + { + "version_value": "Delta Electronics Delta Industrial Automation Screen Editor" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01" - }, - { - "name" : "102426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01" + }, + { + "name": "102426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102426" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4077.json b/2017/4xxx/CVE-2017-4077.json index 5ec66e8a52c..fdd224cd992 100644 --- a/2017/4xxx/CVE-2017-4077.json +++ b/2017/4xxx/CVE-2017-4077.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4077", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4077", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/4xxx/CVE-2017-4245.json b/2017/4xxx/CVE-2017-4245.json index b6fa3c4dcda..86b2b65ef07 100644 --- a/2017/4xxx/CVE-2017-4245.json +++ b/2017/4xxx/CVE-2017-4245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4245", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4245", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4412.json b/2017/4xxx/CVE-2017-4412.json index 0f6a9141d69..4ecaeece563 100644 --- a/2017/4xxx/CVE-2017-4412.json +++ b/2017/4xxx/CVE-2017-4412.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4412",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4412",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4871.json b/2017/4xxx/CVE-2017-4871.json
index 9288a3b614d..d71db93ef79 100644
--- a/2017/4xxx/CVE-2017-4871.json
+++ b/2017/4xxx/CVE-2017-4871.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4871",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4871",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4990.json b/2017/4xxx/CVE-2017-4990.json
index 897c8e5c47d..d0070f49892 100644
--- a/2017/4xxx/CVE-2017-4990.json
+++ b/2017/4xxx/CVE-2017-4990.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server Unauthorized File Upload Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226", + "version": { + "version_data": [ + { + "version_value": "EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540754/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540754/30/0/threaded" - }, - { - "name" : "99243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99243" - }, - { - "name" : "1038718", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the attacker to execute arbitrary code on the Avamar Server system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server Unauthorized File Upload Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/archive/1/540754/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540754/30/0/threaded" + }, + { + "name": "99243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99243" + }, + { + "name": "1038718", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038718" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18258.json b/2018/18xxx/CVE-2018-18258.json index d34a973a813..41ec7dd0cf3 100644 --- a/2018/18xxx/CVE-2018-18258.json +++ b/2018/18xxx/CVE-2018-18258.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rakjong/vuln/blob/master/Bagecms_vuln_1.pdf", - "refsource" : "MISC", - "url" : "https://github.com/rakjong/vuln/blob/master/Bagecms_vuln_1.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rakjong/vuln/blob/master/Bagecms_vuln_1.pdf", + "refsource": "MISC", + "url": "https://github.com/rakjong/vuln/blob/master/Bagecms_vuln_1.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18339.json b/2018/18xxx/CVE-2018-18339.json index 0cc16428667..17770243777 100644 --- a/2018/18xxx/CVE-2018-18339.json +++ b/2018/18xxx/CVE-2018-18339.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-18339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-18339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/891187", - "refsource" : "MISC", - "url" : "https://crbug.com/891187" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4352", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4352" - }, - { - "name" : "RHSA-2018:3803", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3803" - }, - { - "name" : "106084", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/106084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + }, + { + "name": "RHSA-2018:3803", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3803" + }, + { + "name": "https://crbug.com/891187", + "refsource": "MISC", + "url": "https://crbug.com/891187" + }, + { + "name": "DSA-4352", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4352" + }, + { + "name": "106084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106084" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18424.json b/2018/18xxx/CVE-2018-18424.json index d8a04afcb24..5f882b6c720 100644 --- a/2018/18xxx/CVE-2018-18424.json +++ b/2018/18xxx/CVE-2018-18424.json 
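Review bot: The `ASSIGNER` value for CVE-2018-18339 changes from `chrome-cve-admin@google.com` to `security@google.com` in a hunk that otherwise only normalises spacing and indentation, so the change of assigner is easy to miss in review. If downstream tooling attributes records to a CNA by this field, the record will appear to move to a different assigner; it would help to confirm the new address is intended and to mention it in the commit description rather than leave it inside a formatting pass. The same hunk also reorders the entries of `reference_data`, which is an array, so a consumer that treats the first reference as the primary one would now get the Chrome release blog entry instead of the crbug link.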
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18424",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18424",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18502.json b/2018/18xxx/CVE-2018-18502.json
index a23800849b2..6281526ee45 100644
--- a/2018/18xxx/CVE-2018-18502.json
+++ b/2018/18xxx/CVE-2018-18502.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-18502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "65" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 65" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-18502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "65" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2019-01/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2019-01/" - }, - { - "name" : "USN-3874-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3874-1/" - }, - { - "name" : "106773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 65" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2019-01/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-01/" + }, + { + "name": "106773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106773" + }, + { + "name": "USN-3874-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3874-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18882.json b/2018/18xxx/CVE-2018-18882.json index a4646b640a8..9e1d9af59c1 100644 --- a/2018/18xxx/CVE-2018-18882.json +++ b/2018/18xxx/CVE-2018-18882.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18882",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18882",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18930.json b/2018/18xxx/CVE-2018-18930.json
index 23b36525ce4..9635f98c1a0 100644
--- a/2018/18xxx/CVE-2018-18930.json
+++ b/2018/18xxx/CVE-2018-18930.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18930",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18930",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1532.json b/2018/1xxx/CVE-2018-1532.json
index 04d231e76af..df0732eeef6 100644
--- a/2018/1xxx/CVE-2018-1532.json
+++ b/2018/1xxx/CVE-2018-1532.json
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-04-30T00:00:00", - "ID" : "CVE-2018-1532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "API Connect", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.1.0" - }, - { - "version_value" : "5.0.0.0" - }, - { - "version_value" : "5.0.2.0" - }, - { - "version_value" : "5.0.5.0" - }, - { - "version_value" : "5.0.6.0" - }, - { - "version_value" : "5.0.6.1" - }, - { - "version_value" : "5.0.6.2" - }, - { - "version_value" : "5.0.7.0" - }, - { - "version_value" : "5.0.7.1" - }, - { - "version_value" : "5.0.3.0" - }, - { - "version_value" : "5.0.4.0" - }, - { - "version_value" : "5.0.7.2" - }, - { - "version_value" : "5.0.6.3" - }, - { - "version_value" : "5.0.6.4" - }, - { - "version_value" : "5.0.8.0" - }, - { - "version_value" : "5.0.8.1" - }, - { - "version_value" : "5.0.6.5" - }, - { - "version_value" : "5.0.6.6" - }, - { - "version_value" : "5.0.8.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "L", - "S" : "U", - "SCORE" : "4.300", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-04-30T00:00:00", + "ID": "CVE-2018-1532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "API Connect", + "version": { + "version_data": [ + { + "version_value": "5.0.1.0" + }, + { + "version_value": "5.0.0.0" + }, + { + "version_value": "5.0.2.0" + }, + { + "version_value": "5.0.5.0" + }, + { + "version_value": "5.0.6.0" + }, + { + "version_value": "5.0.6.1" + }, + { + "version_value": "5.0.6.2" + }, + { + "version_value": "5.0.7.0" + }, + { + "version_value": "5.0.7.1" + }, + { + "version_value": "5.0.3.0" + }, + { + "version_value": "5.0.4.0" + }, + { + "version_value": "5.0.7.2" + }, + { + "version_value": "5.0.6.3" + }, + { + "version_value": "5.0.6.4" + }, + { + "version_value": "5.0.8.0" + }, + { + "version_value": "5.0.8.1" + }, + { + "version_value": "5.0.6.5" + }, + { + "version_value": "5.0.6.6" + }, + { + "version_value": "5.0.8.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015978", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015978" - }, - { - "name" : "ibm-api-cve20181532-info-disc(142430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "N", + "PR": "L", + "S": "U", + "SCORE": "4.300", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-api-cve20181532-info-disc(142430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142430" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22015978", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22015978" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5349.json b/2018/5xxx/CVE-2018-5349.json index 37b1352cbc2..6a9c7ce22b7 100644 --- a/2018/5xxx/CVE-2018-5349.json +++ b/2018/5xxx/CVE-2018-5349.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory \"C:\\ProgramData\\Heimdal Security\\Heimdal Agent\" allow BUILTIN\\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://improsec.com/blog/heimdal-advisory-1", - "refsource" : "MISC", - "url" : "https://improsec.com/blog/heimdal-advisory-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory \"C:\\ProgramData\\Heimdal Security\\Heimdal Agent\" allow BUILTIN\\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://improsec.com/blog/heimdal-advisory-1", + "refsource": "MISC", + "url": "https://improsec.com/blog/heimdal-advisory-1" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5731.json b/2018/5xxx/CVE-2018-5731.json index be105c04c67..62777fd5b18 100644 --- a/2018/5xxx/CVE-2018-5731.json +++ b/2018/5xxx/CVE-2018-5731.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\\windows\\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the file in the window between md.hs closing the file and executing it. This can be exploited via opportunistic locks and a high priority thread. The vulnerability is triggered when a scan starts. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://improsec.com/blog/heimdal-advisory-2", - "refsource" : "MISC", - "url" : "https://improsec.com/blog/heimdal-advisory-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\\windows\\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the file in the window between md.hs closing the file and executing it. This can be exploited via opportunistic locks and a high priority thread. The vulnerability is triggered when a scan starts. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://improsec.com/blog/heimdal-advisory-2", + "refsource": "MISC", + "url": "https://improsec.com/blog/heimdal-advisory-2" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5756.json b/2018/5xxx/CVE-2018-5756.json index a90318eaeab..cb6efed7d2e 100644 --- a/2018/5xxx/CVE-2018-5756.json 
+++ b/2018/5xxx/CVE-2018-5756.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44881", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44881/" - }, - { - "name" : "20180608 Open-Xchange Security Advisory 2018-06-08", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jun/23" - }, - { - "name" : "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html" + }, + { + "name": "44881", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44881/" + }, + { + "name": "20180608 Open-Xchange Security Advisory 2018-06-08", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jun/23" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5885.json b/2018/5xxx/CVE-2018-5885.json index b1c02ef989f..e1992d22e71 100644 --- a/2018/5xxx/CVE-2018-5885.json +++ b/2018/5xxx/CVE-2018-5885.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-07-02T00:00:00", - "ID" : "CVE-2018-5885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 845" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Possible buffer overflow in Secure UI" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-07-02T00:00:00", + "ID": "CVE-2018-5885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 845" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Possible buffer overflow in Secure UI" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5905.json b/2018/5xxx/CVE-2018-5905.json index 71724b0c3f5..9b0b9244d3a 100644 --- a/2018/5xxx/CVE-2018-5905.json +++ b/2018/5xxx/CVE-2018-5905.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-5905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-5905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000051163", - "refsource" : "CONFIRM", - "url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000051163" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-08-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-08-01#qualcomm-components" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6eb2f4f6fde1b210712d6ac66b40b9e7684d77db", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6eb2f4f6fde1b210712d6ac66b40b9e7684d77db" - }, - 
{ - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6eb2f4f6fde1b210712d6ac66b40b9e7684d77db", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6eb2f4f6fde1b210712d6ac66b40b9e7684d77db" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-08-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-08-01#qualcomm-components" + }, + { + "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000051163", + "refsource": "CONFIRM", + "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000051163" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5911.json b/2018/5xxx/CVE-2018-5911.json index b4e26dee3cc..0d5c64ff32f 100644 --- a/2018/5xxx/CVE-2018-5911.json +++ b/2018/5xxx/CVE-2018-5911.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5911", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5911", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file