From a86116b331e641a623a3b7ee360a82592e2c6963 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 00:58:58 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2001/1xxx/CVE-2001-1052.json | 140 +++++++--------
2001/1xxx/CVE-2001-1150.json | 150 ++++++++---------
2008/1xxx/CVE-2008-1333.json | 210 +++++++++++------------
2008/1xxx/CVE-2008-1644.json | 140 +++++++--------
2008/1xxx/CVE-2008-1650.json | 170 +++++++++----------
2008/5xxx/CVE-2008-5396.json | 160 +++++++++---------
2011/2xxx/CVE-2011-2062.json | 34 ++--
2013/0xxx/CVE-2013-0155.json | 230 ++++++++++++-------------
2013/0xxx/CVE-2013-0742.json | 140 +++++++--------
2013/1xxx/CVE-2013-1287.json | 140 +++++++--------
2013/1xxx/CVE-2013-1486.json | 300 ++++++++++++++++-----------------
2013/1xxx/CVE-2013-1872.json | 200 +++++++++++-----------
2013/3xxx/CVE-2013-3175.json | 150 ++++++++---------
2013/4xxx/CVE-2013-4581.json | 130 +++++++-------
2013/4xxx/CVE-2013-4596.json | 150 ++++++++---------
2013/4xxx/CVE-2013-4696.json | 34 ++--
2013/4xxx/CVE-2013-4845.json | 130 +++++++-------
2017/12xxx/CVE-2017-12146.json | 190 ++++++++++-----------
2017/12xxx/CVE-2017-12386.json | 34 ++--
2017/12xxx/CVE-2017-12628.json | 130 +++++++-------
2017/13xxx/CVE-2017-13516.json | 34 ++--
2017/13xxx/CVE-2017-13707.json | 120 ++++++-------
2017/16xxx/CVE-2017-16689.json | 142 ++++++++--------
2017/16xxx/CVE-2017-16802.json | 120 ++++++-------
2017/16xxx/CVE-2017-16833.json | 120 ++++++-------
2017/17xxx/CVE-2017-17120.json | 34 ++--
2017/17xxx/CVE-2017-17641.json | 130 +++++++-------
2017/17xxx/CVE-2017-17693.json | 120 ++++++-------
2017/4xxx/CVE-2017-4906.json | 34 ++--
2018/18xxx/CVE-2018-18104.json | 34 ++--
2018/18xxx/CVE-2018-18457.json | 130 +++++++-------
2018/18xxx/CVE-2018-18817.json | 120 ++++++-------
2018/18xxx/CVE-2018-18936.json | 120 ++++++-------
2018/1xxx/CVE-2018-1123.json | 230 ++++++++++++-------------
2018/1xxx/CVE-2018-1274.json | 132 +++++++--------
2018/1xxx/CVE-2018-1801.json | 242 +++++++++++++-------------
2018/5xxx/CVE-2018-5627.json | 34 ++--
2018/5xxx/CVE-2018-5994.json | 120 ++++++-------
38 files changed, 2489 insertions(+), 2489 deletions(-)
diff --git a/2001/1xxx/CVE-2001-1052.json b/2001/1xxx/CVE-2001-1052.json
index 20fa3a5dee2..0d1b5002c8d 100644
--- a/2001/1xxx/CVE-2001-1052.json
+++ b/2001/1xxx/CVE-2001-1052.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011002 results of semi-automatic source code audit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html" - }, - { - "name" : "3391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3391" - }, - { - "name" : "php-includedir-code-execution(7215)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011002 results of semi-automatic source code audit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html" + }, + { + "name": "3391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3391" + }, + { + "name": "php-includedir-code-execution(7215)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7215" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1150.json b/2001/1xxx/CVE-2001-1150.json index e0b9f378b58..af62fbfb5b1 100644 --- a/2001/1xxx/CVE-2001-1150.json +++ b/2001/1xxx/CVE-2001-1150.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/209375" - }, - { - "name" : "20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/210087" - }, - { - "name" : "3216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3216" - }, - { - "name" : "officescan-iuser-read-files(7014)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7014.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "officescan-iuser-read-files(7014)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7014.php" + }, + { + "name": "20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/210087" + }, + { + "name": "20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/209375" + }, + { + "name": "3216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3216" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1333.json b/2008/1xxx/CVE-2008-1333.json index ec2c1c94d42..498c901f195 100644 --- a/2008/1xxx/CVE-2008-1333.json +++ b/2008/1xxx/CVE-2008-1333.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080318 AST-2008-004: Format String Vulnerability in Logger and Manager", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489823/100/0/threaded" - }, - { - "name" : "http://downloads.digium.com/pub/security/AST-2008-004.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2008-004.html" - }, - { - "name" : "http://www.asterisk.org/node/48466", - "refsource" : "CONFIRM", - "url" : "http://www.asterisk.org/node/48466" - }, - { - "name" : "DSA-1525", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1525" - }, - { - "name" : "28311", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/28311" - }, - { - "name" : "ADV-2008-0928", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0928" - }, - { - "name" : "1019630", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019630" - }, - { - "name" : "29426", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29426" - }, - { - "name" : "29456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29456" - }, - { - "name" : "asterisk-astverbose-dos(41301)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "asterisk-astverbose-dos(41301)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41301" + }, + { + "name": "20080318 AST-2008-004: Format String Vulnerability in Logger and Manager", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489823/100/0/threaded" + }, + { + "name": "1019630", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019630" + }, + { + "name": "28311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28311" + }, + { + "name": "http://downloads.digium.com/pub/security/AST-2008-004.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2008-004.html" + }, + { + "name": "DSA-1525", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1525" + }, + { + "name": "29426", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29426" + }, + { + "name": "http://www.asterisk.org/node/48466", + "refsource": "CONFIRM", + "url": "http://www.asterisk.org/node/48466" + }, + { + "name": "ADV-2008-0928", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0928" + }, + { + "name": "29456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29456" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1644.json b/2008/1xxx/CVE-2008-1644.json index c14d6411fb5..2e98c539fd0 100644 --- a/2008/1xxx/CVE-2008-1644.json +++ b/2008/1xxx/CVE-2008-1644.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28538" - }, - { - "name" : "29589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29589" - }, - { - "name" : "savaslinkmanager-category-sql-injection(41594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via 
the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "savaslinkmanager-category-sql-injection(41594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41594" + }, + { + "name": "29589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29589" + }, + { + "name": "28538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28538" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1650.json b/2008/1xxx/CVE-2008-1650.json index bbb5a700113..54d1d4e00cd 100644 --- a/2008/1xxx/CVE-2008-1650.json +++ b/2008/1xxx/CVE-2008-1650.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080401 EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490338/100/0/threaded" - }, - { - "name" : "5333", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5333" - }, - { - "name" : "28542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28542" - }, - { - "name" : "29624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29624" - }, - { - "name" : "3793", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3793" - }, - { - "name" : "easynews-index-sql-injection(41590)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5333", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5333" + }, + { + "name": "28542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28542" + }, + { + "name": "29624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29624" + }, + { + "name": "20080401 EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490338/100/0/threaded" + }, + { + "name": "easynews-index-sql-injection(41590)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41590" + }, + { + "name": "3793", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3793" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5396.json b/2008/5xxx/CVE-2008-5396.json index 1b7a61ed352..eaa61956758 100644 --- a/2008/5xxx/CVE-2008-5396.json +++ b/2008/5xxx/CVE-2008-5396.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081203 CVE Request (zaptel)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/12/03/10" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507459", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507459" - }, - { - "name" : "http://bugs.digium.com/view.php?id=13954", - "refsource" : "CONFIRM", - "url" : "http://bugs.digium.com/view.php?id=13954" - }, - { - "name" : "32947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32947" - }, - { - "name" : "32960", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/32960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20081203 CVE Request (zaptel)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/12/03/10" + }, + { + "name": "http://bugs.digium.com/view.php?id=13954", + "refsource": "CONFIRM", + "url": "http://bugs.digium.com/view.php?id=13954" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507459", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507459" + }, + { + "name": "32947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32947" + }, + { + "name": "32960", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32960" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2062.json b/2011/2xxx/CVE-2011-2062.json index 3da6bf1c9de..0dede814aa5 100644 --- a/2011/2xxx/CVE-2011-2062.json +++ b/2011/2xxx/CVE-2011-2062.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2062", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2062", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0155.json b/2013/0xxx/CVE-2013-0155.json index 65fb63bb91c..ac74a951b86 100644 --- a/2013/0xxx/CVE-2013-0155.json +++ b/2013/0xxx/CVE-2013-0155.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660 and CVE-2012-2694." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rubyonrails-security] 20130108 Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)", - "refsource" : "MLIST", - "url" : "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" - }, - { - "name" : "http://support.apple.com/kb/HT5784", 
- "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5784" - }, - { - "name" : "https://puppet.com/security/cve/cve-2013-0155", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2013-0155" - }, - { - "name" : "APPLE-SA-2013-06-04-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" - }, - { - "name" : "DSA-2609", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2609" - }, - { - "name" : "RHSA-2013:0154", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0154.html" - }, - { - "name" : "RHSA-2013:0155", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0155.html" - }, - { - "name" : "openSUSE-SU-2013:1904", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" - }, - { - "name" : "openSUSE-SU-2013:1906", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" - }, - { - "name" : "openSUSE-SU-2013:1907", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" - }, - { - "name" : "openSUSE-SU-2014:0009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660 and CVE-2012-2694." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1906", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" + }, + { + "name": "RHSA-2013:0155", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html" + }, + { + "name": "DSA-2609", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2609" + }, + { + "name": "openSUSE-SU-2014:0009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" + }, + { + "name": "https://puppet.com/security/cve/cve-2013-0155", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2013-0155" + }, + { + "name": "openSUSE-SU-2013:1907", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" + }, + { + "name": "http://support.apple.com/kb/HT5784", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5784" + }, + { + "name": "APPLE-SA-2013-06-04-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" + }, + { + "name": "openSUSE-SU-2013:1904", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" + }, + { + "name": "RHSA-2013:0154", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" + }, + { + "name": "[rubyonrails-security] 20130108 Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)", + "refsource": "MLIST", + "url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/0xxx/CVE-2013-0742.json b/2013/0xxx/CVE-2013-0742.json
index 2bf2ff8f103..06346890b9c 100644
--- a/2013/0xxx/CVE-2013-0742.json
+++ b/2013/0xxx/CVE-2013-0742.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-0742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "26805", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/26805" - }, - { - "name" : "94933", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/94933" - }, - { - "name" : "52707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94933", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/94933" + }, + { + "name": "26805", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/26805" + }, + { + "name": "52707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52707" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1287.json b/2013/1xxx/CVE-2013-1287.json index 59e99448b54..c1a7db05f7c 100644 --- a/2013/1xxx/CVE-2013-1287.json +++ b/2013/1xxx/CVE-2013-1287.json 
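Review bot: The change of `"ASSIGNER"` from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` is a provenance change, but it is hard to spot because the same hunk respaces every key (`"ID" : ` becomes `"ID": `) and reorders the three references, so nearly every one of the 72 lines shows as changed. Landing the whitespace and ordering normalization as its own commit, or reviewing with a parsed-JSON comparison, would leave the assigner line as the only difference. The hunks for CVE-2013-1287, CVE-2013-1486, CVE-2013-1872, CVE-2013-3175, CVE-2013-4581, CVE-2013-4596 and CVE-2013-4845 rewrite the assigner inside the same kind of full-file churn. Each new file also ends with `\ No newline at end of file`; keeping the final newline avoids a spurious last-line change when a later tool adds it back.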
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka \"Windows USB Descriptor Vulnerability,\" a different vulnerability than CVE-2013-1285 and CVE-2013-1286." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-027", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-027" - }, - { - "name" : "TA13-071A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A" - }, - { - "name" : "oval:org.mitre.oval:def:16498", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka \"Windows USB Descriptor Vulnerability,\" a different vulnerability than CVE-2013-1285 and CVE-2013-1286." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-027", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-027" + }, + { + "name": "oval:org.mitre.oval:def:16498", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16498" + }, + { + "name": "TA13-071A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1486.json b/2013/1xxx/CVE-2013-1486.json index 129e055c017..04ecb522f7f 100644 --- a/2013/1xxx/CVE-2013-1486.json +++ b/2013/1xxx/CVE-2013-1486.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/", - "refsource" : "MISC", - "url" : "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084", - "refsource" : "CONFIRM", - "url" : 
"https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "MDVSA-2013:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "SUSE-SU-2013:0328", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html" - }, - { - "name" : "openSUSE-SU-2013:0375", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html" - }, - { - "name" : "openSUSE-SU-2013:0378", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html" - }, - { - "name" : "USN-1735-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1735-1" - }, - { - "name" : "TA13-051A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-051A.html" - }, - { - "name" : "58029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58029" - }, - { - "name" : "oval:org.mitre.oval:def:19402", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19402" - }, - { - "name" : "oval:org.mitre.oval:def:19469", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "TA13-051A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html" + }, + { + "name": "MDVSA-2013:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/", + "refsource": "MISC", + "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html" + }, + { + "name": 
"openSUSE-SU-2013:0378", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SUSE-SU-2013:0328", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html" + }, + { + "name": "USN-1735-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1735-1" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19402", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19402" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "openSUSE-SU-2013:0375", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "oval:org.mitre.oval:def:19469", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19469" + }, + { + "name": "58029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58029" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1872.json b/2013/1xxx/CVE-2013-1872.json index 3d3292ca9dc..404143d7be5 100644 --- a/2013/1xxx/CVE-2013-1872.json +++ b/2013/1xxx/CVE-2013-1872.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=59429", - "refsource" : "MISC", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=59429" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2013-0190.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2013-0190.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=923584", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=923584" - }, - { - "name" : "DSA-2704", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2013/dsa-2704" - }, - { - "name" : "RHSA-2013:0897", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0897.html" - }, - { - "name" : "SUSE-SU-2013:1175", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00014.html" - }, - { - "name" : "openSUSE-SU-2013:1188", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00019.html" - }, - { - "name" : "USN-1888-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1888-1" - }, - { - "name" : "60285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=59429", + "refsource": "MISC", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=59429" + }, + { + "name": "http://advisories.mageia.org/MGASA-2013-0190.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2013-0190.html" + }, + { + "name": "DSA-2704", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2704" + }, + { + "name": "USN-1888-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1888-1" + }, + { + "name": "60285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60285" + }, + { + "name": "RHSA-2013:0897", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0897.html" + }, + { + "name": "openSUSE-SU-2013:1188", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00019.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=923584", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=923584" + }, + { + "name": "SUSE-SU-2013:1175", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00014.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3175.json b/2013/3xxx/CVE-2013-3175.json index b646c5c78a6..41088e664eb 100644 --- a/2013/3xxx/CVE-2013-3175.json +++ b/2013/3xxx/CVE-2013-3175.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request, aka \"Remote Procedure Call Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://vrt-blog.snort.org/2013/08/microsoft-update-tuesday-august-2013.html", - "refsource" : "MISC", - "url" : "http://vrt-blog.snort.org/2013/08/microsoft-update-tuesday-august-2013.html" - }, - { - "name" : "MS13-062", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-062" - }, - { - "name" : "TA13-225A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-225A" - }, - { - "name" : "oval:org.mitre.oval:def:18293", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request, aka \"Remote Procedure Call Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-062", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-062" + }, + { + "name": "oval:org.mitre.oval:def:18293", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18293" + }, + { + "name": "http://vrt-blog.snort.org/2013/08/microsoft-update-tuesday-august-2013.html", + "refsource": "MISC", + "url": "http://vrt-blog.snort.org/2013/08/microsoft-update-tuesday-august-2013.html" + }, + { + "name": "TA13-225A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-225A" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4581.json b/2013/4xxx/CVE-2013-4581.json index 4f2b64d97f6..2c4258602e5 100644 --- a/2013/4xxx/CVE-2013-4581.json +++ b/2013/4xxx/CVE-2013-4581.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/15/4" - }, - { - "name" : "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/", - "refsource" : "CONFIRM", - "url" : "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute 
arbitrary code via a crafted change using SSH." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/15/4" + }, + { + "name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/", + "refsource": "CONFIRM", + "url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4596.json b/2013/4xxx/CVE-2013-4596.json index 6e787f2ba0b..e7642906e7c 100644 --- a/2013/4xxx/CVE-2013-4596.json +++ b/2013/4xxx/CVE-2013-4596.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/node/2129379", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2129379" - }, - { - "name" : "https://drupal.org/node/2125239", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2125239" - }, - { - "name" : "63568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63568" - }, - { - "name" : "55255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to 
bypass access restrictions via a node listing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drupal.org/node/2125239", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2125239" + }, + { + "name": "63568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63568" + }, + { + "name": "55255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55255" + }, + { + "name": "https://drupal.org/node/2129379", + "refsource": "MISC", + "url": "https://drupal.org/node/2129379" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4696.json b/2013/4xxx/CVE-2013-4696.json index 3be5716ba19..76f76eff026 100644 --- a/2013/4xxx/CVE-2013-4696.json +++ b/2013/4xxx/CVE-2013-4696.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4696", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4696. Reason: This candidate is a duplicate of CVE-2012-4696. A CNA inadvertently entered an unassigned ID. Notes: All CVE users should reference CVE-2012-4696 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-4696", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4696. Reason: This candidate is a duplicate of CVE-2012-4696. A CNA inadvertently entered an unassigned ID. Notes: All CVE users should reference CVE-2012-4696 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4845.json b/2013/4xxx/CVE-2013-4845.json index 8d3e670c1f5..c99dceb097a 100644 --- a/2013/4xxx/CVE-2013-4845.json +++ b/2013/4xxx/CVE-2013-4845.json 
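Review bot: The rewritten CVE-2013-4696 record is serialized in a different key order from the other records in this commit: it opens with `"data_type"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"`, while the others open with `"CVE_data_meta"` and list `"ASSIGNER"` first. JSON parsers do not care about key order, but anything that hashes, signs or text-diffs these files will see differences that carry no data change. Emitting every record through one serializer with a fixed key order (for example sorted keys) would keep REJECT entries consistent with PUBLIC ones. The generator is not visible here, so this may be a known difference between two export paths.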
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI02945", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04035829" - }, - { - "name" : "SSRT101164", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04035829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBPI02945", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04035829" + }, + { + "name": "SSRT101164", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04035829" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12146.json b/2017/12xxx/CVE-2017-12146.json index f53ea699ab2..95e0d04488f 100644 --- a/2017/12xxx/CVE-2017-12146.json +++ b/2017/12xxx/CVE-2017-12146.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6265539776a0810b7ce6398c27866ddb9c6bd154", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6265539776a0810b7ce6398c27866ddb9c6bd154" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1489078", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1489078" - }, - { - "name" : 
"https://bugzilla.suse.com/show_bug.cgi?id=1057474", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1057474" - }, - { - "name" : "https://github.com/torvalds/linux/commit/6265539776a0810b7ce6398c27866ddb9c6bd154", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/6265539776a0810b7ce6398c27866ddb9c6bd154" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "DSA-3981", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3981" - }, - { - "name" : "100651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "https://github.com/torvalds/linux/commit/6265539776a0810b7ce6398c27866ddb9c6bd154", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/6265539776a0810b7ce6398c27866ddb9c6bd154" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1057474", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1057474" + }, + { + "name": "100651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100651" + }, + { + "name": "DSA-3981", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3981" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6265539776a0810b7ce6398c27866ddb9c6bd154", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6265539776a0810b7ce6398c27866ddb9c6bd154" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1489078", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489078" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.1" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12386.json b/2017/12xxx/CVE-2017-12386.json index 11b4f129f2d..a0bea2da569 100644 --- a/2017/12xxx/CVE-2017-12386.json +++ b/2017/12xxx/CVE-2017-12386.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12386", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12386", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12628.json b/2017/12xxx/CVE-2017-12628.json index de6039e0bdb..6a210507c93 100644 --- a/2017/12xxx/CVE-2017-12628.json +++ b/2017/12xxx/CVE-2017-12628.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-12628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache James", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-12628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache James", + "version": { + "version_data": [ + { + "version_value": "3.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[server-user] 20171019 Announce: Apache James 3.0.1 security release", - "refsource" : "MLIST", - "url" : "https://www.mail-archive.com/server-user@james.apache.org/msg15633.html" - }, - { - "name" : "101532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JMX server embedded in 
Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[server-user] 20171019 Announce: Apache James 3.0.1 security release", + "refsource": "MLIST", + "url": "https://www.mail-archive.com/server-user@james.apache.org/msg15633.html" + }, + { + "name": "101532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101532" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13516.json b/2017/13xxx/CVE-2017-13516.json index 300df7ab12c..e9e5d51b9cd 100644 --- a/2017/13xxx/CVE-2017-13516.json +++ b/2017/13xxx/CVE-2017-13516.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13516", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13516", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13707.json b/2017/13xxx/CVE-2017-13707.json index bbc66b48b4a..fc32943fd96 100644 --- a/2017/13xxx/CVE-2017-13707.json +++ b/2017/13xxx/CVE-2017-13707.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Wh1t3Rh1n0/exploits/blob/master/2017-08-25%20Replibit%20Backup%20Manager/README.md", - "refsource" : "MISC", - "url" : "https://github.com/Wh1t3Rh1n0/exploits/blob/master/2017-08-25%20Replibit%20Backup%20Manager/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. 
The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Wh1t3Rh1n0/exploits/blob/master/2017-08-25%20Replibit%20Backup%20Manager/README.md", + "refsource": "MISC", + "url": "https://github.com/Wh1t3Rh1n0/exploits/blob/master/2017-08-25%20Replibit%20Backup%20Manager/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16689.json b/2017/16xxx/CVE-2017-16689.json index f1246aa4ebd..9d640357776 100644 --- a/2017/16xxx/CVE-2017-16689.json +++ b/2017/16xxx/CVE-2017-16689.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-16689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trusted RFC connection", - "version" : { - "version_data" : [ - { - "version_value" : "SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Additional authentication check in Trusted RFC on same system" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-16689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trusted RFC connection", + "version": { + "version_data": [ + { + "version_value": "SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2449757", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2449757" - }, - { - "name" : "102144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Additional authentication check in Trusted RFC on same system" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102144" + }, + { + "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2449757", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2449757" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16802.json b/2017/16xxx/CVE-2017-16802.json index a4e8af433dc..b080865d62b 100644 --- a/2017/16xxx/CVE-2017-16802.json +++ b/2017/16xxx/CVE-2017-16802.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/MISP/MISP/commit/a659664447a7b2a383cb9e0f6b43dcb43ec69194", - "refsource" : "CONFIRM", - "url" : "https://github.com/MISP/MISP/commit/a659664447a7b2a383cb9e0f6b43dcb43ec69194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MISP/MISP/commit/a659664447a7b2a383cb9e0f6b43dcb43ec69194", + "refsource": "CONFIRM", + "url": "https://github.com/MISP/MISP/commit/a659664447a7b2a383cb9e0f6b43dcb43ec69194" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16833.json b/2017/16xxx/CVE-2017-16833.json index 6d8fbf3dbbe..5aa0f1dd644 100644 --- a/2017/16xxx/CVE-2017-16833.json +++ b/2017/16xxx/CVE-2017-16833.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the \"homepage\" value of a \".gemspec\" file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/PierreRambaud/gemirro/commit/9659f9b7ce15a723da8e361bd41b9203b19c97de", - "refsource" : "CONFIRM", - "url" : "https://github.com/PierreRambaud/gemirro/commit/9659f9b7ce15a723da8e361bd41b9203b19c97de" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the \"homepage\" value of a \".gemspec\" file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PierreRambaud/gemirro/commit/9659f9b7ce15a723da8e361bd41b9203b19c97de", + "refsource": "CONFIRM", + "url": "https://github.com/PierreRambaud/gemirro/commit/9659f9b7ce15a723da8e361bd41b9203b19c97de" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17120.json b/2017/17xxx/CVE-2017-17120.json index 4be1bb61842..22f96423c59 100644 --- a/2017/17xxx/CVE-2017-17120.json +++ b/2017/17xxx/CVE-2017-17120.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17120", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17120", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17641.json b/2017/17xxx/CVE-2017-17641.json index 54e926dedbe..77c185854dd 100644 --- a/2017/17xxx/CVE-2017-17641.json +++ b/2017/17xxx/CVE-2017-17641.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43312", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43312/" - }, - { - "name" : "https://packetstormsecurity.com/files/145353/Resume-Clone-Script-2.0.5-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145353/Resume-Clone-Script-2.0.5-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/145353/Resume-Clone-Script-2.0.5-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145353/Resume-Clone-Script-2.0.5-SQL-Injection.html" + }, + { + "name": "43312", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43312/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17693.json b/2017/17xxx/CVE-2017-17693.json index ed4cf8a5357..0cbcf58203c 100644 --- a/2017/17xxx/CVE-2017-17693.json +++ b/2017/17xxx/CVE-2017-17693.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Techno-Portfolio-Management-Panel.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Techno-Portfolio-Management-Panel.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Techno-Portfolio-Management-Panel.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Techno-Portfolio-Management-Panel.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4906.json b/2017/4xxx/CVE-2017-4906.json index 69bd5d91913..a09f0b8a777 100644 --- a/2017/4xxx/CVE-2017-4906.json +++ b/2017/4xxx/CVE-2017-4906.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4906", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-4906", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18104.json b/2018/18xxx/CVE-2018-18104.json index 54c77bae2ad..315e66f1133 100644 --- a/2018/18xxx/CVE-2018-18104.json +++ b/2018/18xxx/CVE-2018-18104.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18104", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18104", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18457.json b/2018/18xxx/CVE-2018-18457.json index 23ab41f746c..e587b30b5ee 100644 --- a/2018/18xxx/CVE-2018-18457.json +++ b/2018/18xxx/CVE-2018-18457.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217", - "refsource" : "MISC", - "url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217" - }, - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217", + "refsource": "MISC", + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217" + }, + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18817.json b/2018/18xxx/CVE-2018-18817.json index dcf60fdae1e..f92d3ffa7f1 100644 --- a/2018/18xxx/CVE-2018-18817.json +++ b/2018/18xxx/CVE-2018-18817.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update", - "refsource" : "MISC", - "url" : "https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update", + "refsource": "MISC", + "url": "https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18936.json b/2018/18xxx/CVE-2018-18936.json index a75d4ceffbc..8e5102303e3 100644 --- a/2018/18xxx/CVE-2018-18936.json +++ b/2018/18xxx/CVE-2018-18936.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/PopojiCMS/PopojiCMS/issues/15", - "refsource" : "MISC", - "url" : "https://github.com/PopojiCMS/PopojiCMS/issues/15" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PopojiCMS/PopojiCMS/issues/15", + "refsource": "MISC", + "url": "https://github.com/PopojiCMS/PopojiCMS/issues/15" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1123.json b/2018/1xxx/CVE-2018-1123.json index 03bccc505a8..1c0d19e1512 100644 --- a/2018/1xxx/CVE-2018-1123.json +++ b/2018/1xxx/CVE-2018-1123.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-1123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "procps-ng, procps", - "version" : { - "version_data" : [ - { - "version_value" : "procps-ng 3.3.15" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service)." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "3.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-1123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "procps-ng, procps", + "version": { + "version_data": [ + { + "version_value": "procps-ng 3.3.15" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44806", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44806/" - }, - { - "name" : "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2018/q2/122" - }, - { - "name" : "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update", - "refsource" : "MLIST", - "url" : 
"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html" - }, - { - "name" : "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", - "refsource" : "MISC", - "url" : "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123" - }, - { - "name" : "DSA-4208", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4208" - }, - { - "name" : "GLSA-201805-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-14" - }, - { - "name" : "USN-3658-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3658-1/" - }, - { - "name" : "USN-3658-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3658-3/" - }, - { - "name" : "104214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service)." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3658-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3658-1/" + }, + { + "name": "DSA-4208", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4208" + }, + { + "name": "GLSA-201805-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-14" + }, + { + "name": "44806", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44806/" + }, + { + "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html" + }, + { + "name": "USN-3658-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3658-3/" + }, + { + "name": "104214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104214" + }, + { + "name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2018/q2/122" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123" + }, + { + "name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", + "refsource": "MISC", + "url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1274.json b/2018/1xxx/CVE-2018-1274.json index b72ca433828..271bc1b4d47 100644 --- a/2018/1xxx/CVE-2018-1274.json +++ b/2018/1xxx/CVE-2018-1274.json 
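Review bot: In `impact.cvss` the new side keeps `"vectorString": "3.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"`, which puts the base score in front of the vector. A consumer that validates the field as a CVSS v3.0 vector (expected to begin with `CVSS:3.0/`) will likely reject it or drop the severity rating. I would carry the vector alone, `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"`, and move 3.9 into a separate score field. Separately, `"version_value": "procps-ng 3.3.15"` names the release the description gives as the fixed one ("before version 3.3.15"), so tooling that matches on `version_value` would flag patched hosts and miss vulnerable ones. That value should state the range the description gives, for example `"version_value": "before 3.3.15"`.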
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-04-10T00:00:00", - "ID" : "CVE-2018-1274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spring Framework", - "version" : { - "version_data" : [ - { - "version_value" : "Versions 1.13 to 1.13.10, 2.0 to 2.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "Spring by Pivotal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-04-10T00:00:00", + "ID": "CVE-2018-1274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Framework", + "version": { + "version_data": [ + { + "version_value": "Versions 1.13 to 1.13.10, 2.0 to 2.0.5" + } + ] + } + } + ] + }, + "vendor_name": "Spring by Pivotal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2018-1274", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2018-1274" - }, - { - "name" : "103769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2018-1274", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-1274" + }, + { + "name": "103769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103769" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/1xxx/CVE-2018-1801.json b/2018/1xxx/CVE-2018-1801.json index dee8428b3b8..35026fb2195 100644 --- a/2018/1xxx/CVE-2018-1801.json +++ b/2018/1xxx/CVE-2018-1801.json 
@@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-01-28T00:00:00", - "ID" : "CVE-2018-1801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Integration Bus", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.0" - }, - { - "version_value" : "10.0.0.0" - }, - { - "version_value" : "9.0.0.10" - }, - { - "version_value" : "10.0.0.13" - } - ] - } - }, - { - "product_name" : "WebSphere Message Broker", - "version" : { - "version_data" : [ - { - "version_value" : "8.0.0.0" - }, - { - "version_value" : "8.0.0.9" - } - ] - } - }, - { - "product_name" : "App Connect", - "version" : { - "version_data" : [ - { - "version_value" : "11.0.0.0" - }, - { - "version_value" : "11.0.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "L", - "AC" : "L", - "AV" : "N", - "C" : "N", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.300", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-01-28T00:00:00", + "ID": "CVE-2018-1801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Integration Bus", + "version": { + "version_data": [ + { + "version_value": "9.0.0.0" + }, + { + "version_value": "10.0.0.0" + }, + { + "version_value": "9.0.0.10" + }, + { + "version_value": "10.0.0.13" + } + ] + } + }, + { + "product_name": "WebSphere Message Broker", + "version": { + "version_data": [ + { + "version_value": "8.0.0.0" + }, + { + "version_value": "8.0.0.9" + } + ] + } + }, + { + "product_name": "App Connect", + "version": { + "version_data": [ + { + "version_value": "11.0.0.0" + }, + { + "version_value": "11.0.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10795780", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10795780" - }, - { - "name" : "ibm-ibus-cve20181801-dos(149639)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML 
External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "L", + "AC": "L", + "AV": "N", + "C": "N", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "5.300", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-ibus-cve20181801-dos(149639)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10795780", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5627.json b/2018/5xxx/CVE-2018-5627.json index 418a02c903e..327f4c1384c 100644 --- a/2018/5xxx/CVE-2018-5627.json +++ b/2018/5xxx/CVE-2018-5627.json 
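Review bot: The `version_data` arrays under `affects` list only the endpoints of each affected range (`9.0.0.0`, `9.0.0.10`, `10.0.0.0`, `10.0.0.13`, `8.0.0.0`, `8.0.0.9`, `11.0.0.0`, `11.0.0.1`), while the description says each product is affected "through" the upper version. A scanner that compares installed versions to `version_value` literally will miss every fix pack in between. I would state the range in the value itself, for example `"version_value": "10.0.0.0 through 10.0.0.13"`, or use whatever range qualifier the feed schema supports. Also, `"SCORE": "5.300"` is a string, and this `cvssv3` object with `BM`/`TM` has a different shape from the `cvss` array in CVE-2018-1123.json in the same commit, so consumers have to handle `impact` per record.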
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5627", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5627", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5994.json b/2018/5xxx/CVE-2018-5994.json index 10d274f3ba9..ced2790e435 100644 --- a/2018/5xxx/CVE-2018-5994.json +++ b/2018/5xxx/CVE-2018-5994.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44120", - "refsource" : "EXPLOIT-DB", - "url" : "https://exploit-db.com/exploits/44120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44120", + "refsource": "EXPLOIT-DB", + "url": "https://exploit-db.com/exploits/44120" + } + ] + } +} \ No newline at end of file