From b7c254a37a0fa43a3e7d6a1674a0be1825086189 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:04:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0072.json | 190 ++++++------ 2001/0xxx/CVE-2001-0184.json | 150 +++++----- 2001/0xxx/CVE-2001-0799.json | 150 +++++----- 2001/0xxx/CVE-2001-0986.json | 140 ++++----- 2001/1xxx/CVE-2001-1448.json | 140 ++++----- 2001/1xxx/CVE-2001-1531.json | 140 ++++----- 2008/1xxx/CVE-2008-1813.json | 290 +++++++++---------- 2008/1xxx/CVE-2008-1819.json | 210 +++++++------- 2008/5xxx/CVE-2008-5081.json | 240 ++++++++-------- 2008/5xxx/CVE-2008-5095.json | 150 +++++----- 2008/5xxx/CVE-2008-5366.json | 130 ++++----- 2008/5xxx/CVE-2008-5378.json | 130 ++++----- 2008/5xxx/CVE-2008-5519.json | 310 ++++++++++---------- 2011/2xxx/CVE-2011-2364.json | 240 ++++++++-------- 2011/2xxx/CVE-2011-2456.json | 200 ++++++------- 2011/2xxx/CVE-2011-2912.json | 370 ++++++++++++------------ 2013/0xxx/CVE-2013-0130.json | 130 ++++----- 2013/0xxx/CVE-2013-0383.json | 180 ++++++------ 2013/0xxx/CVE-2013-0755.json | 210 +++++++------- 2013/0xxx/CVE-2013-0875.json | 140 ++++----- 2013/1xxx/CVE-2013-1164.json | 120 ++++---- 2013/1xxx/CVE-2013-1458.json | 34 +-- 2013/1xxx/CVE-2013-1604.json | 160 +++++------ 2013/1xxx/CVE-2013-1609.json | 130 ++++----- 2013/3xxx/CVE-2013-3519.json | 120 ++++---- 2013/3xxx/CVE-2013-3579.json | 120 ++++---- 2013/3xxx/CVE-2013-3660.json | 250 ++++++++-------- 2013/4xxx/CVE-2013-4080.json | 230 +++++++-------- 2013/4xxx/CVE-2013-4633.json | 120 ++++---- 2013/4xxx/CVE-2013-4861.json | 34 +-- 2017/12xxx/CVE-2017-12388.json | 34 +-- 2017/12xxx/CVE-2017-12774.json | 120 ++++---- 2017/12xxx/CVE-2017-12820.json | 152 +++++----- 2017/12xxx/CVE-2017-12964.json | 120 ++++---- 2017/13xxx/CVE-2017-13218.json | 162 +++++------ 2017/13xxx/CVE-2017-13257.json | 174 +++++------ 2017/13xxx/CVE-2017-13383.json | 34 +-- 2017/13xxx/CVE-2017-13400.json | 34 +-- 2017/16xxx/CVE-2017-16017.json | 142 ++++----- 2017/16xxx/CVE-2017-16185.json | 132 ++++----- 2017/16xxx/CVE-2017-16265.json | 34 +-- 2017/16xxx/CVE-2017-16383.json | 140 ++++----- 2017/16xxx/CVE-2017-16385.json | 140 ++++----- 2017/16xxx/CVE-2017-16780.json | 130 ++++----- 2017/16xxx/CVE-2017-16791.json | 34 +-- 2017/17xxx/CVE-2017-17135.json | 512 ++++++++++++++++----------------- 2017/17xxx/CVE-2017-17358.json | 34 +-- 2017/17xxx/CVE-2017-17488.json | 34 +-- 2017/4xxx/CVE-2017-4491.json | 34 +-- 2018/18xxx/CVE-2018-18149.json | 34 +-- 2018/18xxx/CVE-2018-18487.json | 120 ++++---- 2018/18xxx/CVE-2018-18774.json | 140 ++++----- 2018/1xxx/CVE-2018-1630.json | 34 +-- 2018/1xxx/CVE-2018-1914.json | 231 +++++++-------- 2018/5xxx/CVE-2018-5068.json | 140 ++++----- 2018/5xxx/CVE-2018-5437.json | 460 ++++++++++++++--------------- 2018/5xxx/CVE-2018-5472.json | 148 +++++----- 2018/5xxx/CVE-2018-5562.json | 34 +-- 2018/5xxx/CVE-2018-5634.json | 34 +-- 59 files changed, 4367 insertions(+), 4362 deletions(-) diff --git a/2001/0xxx/CVE-2001-0072.json b/2001/0xxx/CVE-2001-0072.json index eb4afc6f532..9649b21ff24 100644 --- a/2001/0xxx/CVE-2001-0072.json +++ b/2001/0xxx/CVE-2001-0072.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2000:131", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-131.html" - }, - { - "name" : "MDKSA-2000-087", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3" - }, - { - "name" : "DSA-010-1", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2000/20001225b" - }, - { - "name" : "CLA-2000:368", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368" - }, - { - "name" : "20001220 Trustix Security Advisory - gnupg, ftpd-BSD", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/152197" - }, - { - "name" : "2153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2153" - }, - { - "name" : "gnupg-reveal-private(5803)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803" - }, - { - "name" : "1702", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2000:368", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368" + }, + { + "name": "DSA-010-1", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2000/20001225b" + }, + { + "name": "MDKSA-2000-087", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3" + }, + { + "name": "2153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2153" + }, + { + "name": "RHSA-2000:131", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-131.html" + }, + { + "name": "gnupg-reveal-private(5803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5803" + }, + { + "name": "20001220 Trustix Security Advisory - gnupg, ftpd-BSD", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/152197" + }, + { + "name": "1702", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1702" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0184.json b/2001/0xxx/CVE-2001-0184.json index 5335b264137..e717e9caef0 100644 --- a/2001/0xxx/CVE-2001-0184.json +++ b/2001/0xxx/CVE-2001-0184.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010121 eEye Iris the Network traffic analyser DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0343.html" - }, - { - "name" : "20010122 Re: eEye Iris the Network traffic analyser DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0352.html" - }, - { - "name" : "2278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2278" - }, - { - "name" : "eeye-iris-dos(5981)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010121 eEye Iris the Network traffic analyser DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0343.html" + }, + { + "name": "eeye-iris-dos(5981)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5981" + }, + { + "name": "20010122 Re: eEye Iris the Network traffic analyser DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0352.html" + }, + { + "name": "2278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2278" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0799.json b/2001/0xxx/CVE-2001-0799.json index 997d1c8d33e..bb2f61f1029 100644 --- a/2001/0xxx/CVE-2001-0799.json +++ b/2001/0xxx/CVE-2001-0799.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2", - "refsource" : "MISC", - "url" : "http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2" - }, - { - "name" : "20011003-02-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P" - }, - { - "name" : "8572", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8572" - }, - { - "name" : "irix-lpsched-bo(7641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "irix-lpsched-bo(7641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7641" + }, + { + "name": "20011003-02-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P" + }, + { + "name": "http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2", + "refsource": "MISC", + "url": "http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2" + }, + { + "name": "8572", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8572" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0986.json b/2001/0xxx/CVE-2001-0986.json index 1fbe74b457e..5f464e1c59c 100644 --- a/2001/0xxx/CVE-2001-0986.json +++ b/2001/0xxx/CVE-2001-0986.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010914 Security Vulnerability with Microsoft Index Server 2.0(Sample file reveals file info, physical path etc)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/214217" - }, - { - "name" : "winnt-indexserver-sqlqhit-asp(7125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7125" - }, - { - "name" : "3339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3339" + }, + { + "name": "20010914 Security Vulnerability with Microsoft Index Server 2.0(Sample file reveals file info, physical path etc)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/214217" + }, + { + "name": "winnt-indexserver-sqlqhit-asp(7125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7125" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1448.json b/2001/1xxx/CVE-2001-1448.json index 077bcf756b8..be75f0f643a 100644 --- a/2001/1xxx/CVE-2001-1448.json +++ b/2001/1xxx/CVE-2001-1448.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011217 MAGIC Enterprise Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/246343" - }, - { - "name" : "VU#157795", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/157795" - }, - { - "name" : "magic-edeveloper-tmp-symlink(10616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#157795", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/157795" + }, + { + "name": "magic-edeveloper-tmp-symlink(10616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10616" + }, + { + "name": "20011217 MAGIC Enterprise Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/246343" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1531.json b/2001/1xxx/CVE-2001-1531.json index 05bd3947039..abde963c924 100644 --- a/2001/1xxx/CVE-2001-1531.json +++ b/2001/1xxx/CVE-2001-1531.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an email attachment with a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011019 Claris Emailer buffer over flow vulnerabirity", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0162.html" - }, - { - "name" : "3454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3454" - }, - { - "name" : "claris-long-filename-bo(7314)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7314.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an email attachment with a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011019 Claris Emailer buffer over flow vulnerabirity", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0162.html" + }, + { + "name": "3454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3454" + }, + { + "name": "claris-long-filename-bo(7314)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7314.php" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1813.json b/2008/1xxx/CVE-2008-1813.json index a12be5ba5f1..9609ad523d0 100644 --- a/2008/1xxx/CVE-2008-1813.json +++ b/2008/1xxx/CVE-2008-1813.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080416 Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490950/100/0/threaded" - }, - { - "name" : "20080416 Oracle - SQL Injection in package SDO_GEOM [DB06]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490919/100/0/threaded" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_outln_password_change.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_outln_password_change.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" - }, - { - "name" : "ADV-2008-1233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1233/references" - }, - { - "name" : "ADV-2008-1267", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1267/references" - }, - { - "name" : "1019855", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019855" - }, - { - "name" : "29874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29874" - }, - { - "name" : "29829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29829" - }, - { - "name" : "oracle-database-corerdbms-unspecified(41992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41992" - }, - { - "name" : "oracle-database-dbmsaq-unspecified(41991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41991" - }, - { - "name" : "oracle-database-queryop-default-password(41995)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41995" - }, - { - "name" : "oracle-database-sdogeom-sql-injection(41993)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41993" - }, - { - "name" : "oracle-cpu-april-2008(41858)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858" - }, - { - "name" : "oracle-database-export-info-disclosure(41994)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_outln_password_change.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_outln_password_change.html" + }, + { + "name": "oracle-cpu-april-2008(41858)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858" + }, + { + "name": "ADV-2008-1267", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1267/references" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html" + }, + { + "name": "ADV-2008-1233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1233/references" + }, + { + "name": "oracle-database-sdogeom-sql-injection(41993)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41993" + }, + { + "name": "oracle-database-queryop-default-password(41995)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41995" + }, + { + "name": "1019855", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019855" + }, + { + "name": "20080416 Oracle - SQL Injection in package SDO_GEOM [DB06]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490919/100/0/threaded" + }, + { + "name": "29829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29829" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html" + }, + { + "name": "oracle-database-export-info-disclosure(41994)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41994" + }, + { + "name": "29874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29874" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded" + }, + { + "name": "oracle-database-corerdbms-unspecified(41992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41992" + }, + { + "name": "oracle-database-dbmsaq-unspecified(41991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41991" + }, + { + "name": "20080416 Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490950/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1819.json b/2008/1xxx/CVE-2008-1819.json index e2a1ad7cd27..c5e6dee082d 100644 --- a/2008/1xxx/CVE-2008-1819.json +++ b/2008/1xxx/CVE-2008-1819.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" - }, - { - "name" : "ADV-2008-1233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1233/references" - }, - { - "name" : "ADV-2008-1267", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1267/references" - }, - { - "name" : "1019855", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019855" - }, - { - "name" : "29874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29874" - }, - { - "name" : "29829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29829" - }, - { - "name" : "oracle-cpu-april-2008(41858)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858" - }, - { - "name" : "oracle-database-net-unspecified(42033)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-database-net-unspecified(42033)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42033" + }, + { + "name": "oracle-cpu-april-2008(41858)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858" + }, + { + "name": "ADV-2008-1267", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1267/references" + }, + { + "name": "ADV-2008-1233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1233/references" + }, + { + "name": "1019855", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019855" + }, + { + "name": "29829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29829" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html" + }, + { + "name": "29874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29874" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5081.json b/2008/5xxx/CVE-2008-5081.json index 2fe50423a42..08c83117c4b 100644 --- a/2008/5xxx/CVE-2008-5081.json +++ b/2008/5xxx/CVE-2008-5081.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7520", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7520" - }, - { - "name" : "http://avahi.org/milestone/Avahi%200.6.24", - "refsource" : "CONFIRM", - "url" : "http://avahi.org/milestone/Avahi%200.6.24" - }, - { - "name" : "[oss-security] 20081214 Avahi daemon DoS (CVE-2008-5081)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/12/14/1" - }, - { - "name" : "DSA-1690", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1690" - }, - { - "name" : "GLSA-200901-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200901-11.xml" - }, - { - "name" : "SUSE-SR:2009:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" - }, - { - "name" : "USN-696-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-696-1" - }, - { - "name" : "32825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32825" - }, - { - "name" : "oval:org.mitre.oval:def:9987", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9987" - }, - { - "name" : "33279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33279" - }, - { - "name" : "33220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33220" - }, - { - "name" : "33475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33475" - }, - { - "name" : "33153", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33220" + }, + { + "name": "[oss-security] 20081214 Avahi daemon DoS (CVE-2008-5081)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/12/14/1" + }, + { + "name": "SUSE-SR:2009:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" + }, + { + "name": "33279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33279" + }, + { + "name": "oval:org.mitre.oval:def:9987", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9987" + }, + { + "name": "USN-696-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-696-1" + }, + { + "name": "DSA-1690", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1690" + }, + { + "name": "32825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32825" + }, + { + "name": "7520", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7520" + }, + { + "name": "GLSA-200901-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200901-11.xml" + }, + { + "name": "33153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33153" + }, + { + "name": "33475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33475" + }, + { + "name": "http://avahi.org/milestone/Avahi%200.6.24", + "refsource": "CONFIRM", + "url": "http://avahi.org/milestone/Avahi%200.6.24" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5095.json b/2008/5xxx/CVE-2008-5095.json index 5fb7cdaeaff..6bb0b09fdfa 100644 --- a/2008/5xxx/CVE-2008-5095.json +++ b/2008/5xxx/CVE-2008-5095.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7001157&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7001157&sliceId=1" - }, - { - "name" : "30947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30947" - }, - { - "name" : "1020792", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020792" - }, - { - "name" : "1020793", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30947" + }, + { + "name": "1020792", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020792" + }, + { + "name": "1020793", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020793" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7001157&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7001157&sliceId=1" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5366.json b/2008/5xxx/CVE-2008-5366.json index a100b6ef590..cb33cc3c3cd 100644 --- a/2008/5xxx/CVE-2008-5366.json +++ b/2008/5xxx/CVE-2008-5366.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-devel/2008/08/msg00283.html" - }, - { - "name" : "32740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-devel/2008/08/msg00283.html" + }, + { + "name": "32740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32740" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5378.json b/2008/5xxx/CVE-2008-5378.json index 1155353c970..9eab66e15a4 100644 --- a/2008/5xxx/CVE-2008-5378.json +++ b/2008/5xxx/CVE-2008-5378.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-devel/2008/08/msg00285.html" - }, - { - "name" : "30895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30895" + }, + { + "name": "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-devel/2008/08/msg00285.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5519.json b/2008/5xxx/CVE-2008-5519.json index a2033897f46..593a74a78ef 100644 --- a/2008/5xxx/CVE-2008-5519.json +++ b/2008/5xxx/CVE-2008-5519.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502530/100/0/threaded" - }, - { - "name" : "[tomcat-dev] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=tomcat-dev&m=123913700700879" - }, - { - "name" : "[www-announce] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/www-announce/200904.mbox/%3C49DBBAC0.2080400@apache.org%3E" - }, - { - "name" : "[oss-security] 20090408 CVE-2008-5519: mod_jk session information leak vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/04/08/10" - }, - { - "name" : "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h", - "refsource" : "CONFIRM", - "url" : "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h" - }, - { - "name" : "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540", - "refsource" : "CONFIRM", - "url" : "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540" - }, - { - "name" : "http://svn.eu.apache.org/viewvc?view=rev&revision=702540", - "refsource" : "CONFIRM", - "url" : "http://svn.eu.apache.org/viewvc?view=rev&revision=702540" - }, - { - "name" : "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html" - }, - { - "name" : "http://tomcat.apache.org/security-jk.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-jk.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=490201", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=490201" - }, - { - "name" : "DSA-1810", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1810" - }, - { - "name" : "RHSA-2009:0446", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0446.html" - }, - { - "name" : "262468", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1" - }, - { - "name" : "SUSE-SR:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" - }, - { - "name" : "34412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34412" - }, - { - "name" : "1022001", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022001" - }, - { - "name" : "34621", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34621" - }, - { - "name" : "29283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29283" - }, - { - "name" : "35537", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35537" - }, - { - "name" : "ADV-2009-0973", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0973", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0973" + }, + { + "name": "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html" + }, + { + "name": "34621", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34621" + }, + { + "name": "SUSE-SR:2009:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" + }, + { + "name": "1022001", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022001" + }, + { + "name": "34412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34412" + }, + { + "name": "[oss-security] 20090408 CVE-2008-5519: mod_jk session information leak vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/04/08/10" + }, + { + "name": "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h", + "refsource": "CONFIRM", + "url": "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_ajp_common.c?r1=702387&r2=702540&pathrev=702540&diff_format=h" + }, + { + "name": "RHSA-2009:0446", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0446.html" + }, + { + "name": "[www-announce] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/www-announce/200904.mbox/%3C49DBBAC0.2080400@apache.org%3E" + }, + { + "name": "http://svn.eu.apache.org/viewvc?view=rev&revision=702540", + "refsource": "CONFIRM", + "url": "http://svn.eu.apache.org/viewvc?view=rev&revision=702540" + }, + { + "name": "[tomcat-dev] 20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://marc.info/?l=tomcat-dev&m=123913700700879" + }, + { + "name": "20090407 [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502530/100/0/threaded" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=490201", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490201" + }, + { + "name": "29283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29283" + }, + { + "name": "http://tomcat.apache.org/security-jk.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-jk.html" + }, + { + "name": "35537", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35537" + }, + { + "name": "DSA-1810", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1810" + }, + { + "name": "262468", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262468-1" + }, + { + "name": "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540", + "refsource": "CONFIRM", + "url": "http://svn.eu.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=markup&pathrev=702540" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2364.json b/2011/2xxx/CVE-2011-2364.json index 516e8810848..5390f70f51f 100644 --- a/2011/2xxx/CVE-2011-2364.json +++ b/2011/2xxx/CVE-2011-2364.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-19.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=651990", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=651990" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100144854", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144854" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100145333", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100145333" - }, - { - "name" : "MDVSA-2011:111", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111" - }, - { - "name" : "RHSA-2011:0885", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0885.html" - }, - { - "name" : "RHSA-2011:0886", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0886.html" - }, - { - "name" : "RHSA-2011:0887", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0887.html" - }, - { - "name" : "RHSA-2011:0888", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0888.html" - }, - { - "name" : "SUSE-SA:2011:028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" - }, - { - "name" : "USN-1149-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1149-1" - }, - { - "name" : "oval:org.mitre.oval:def:13318", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13318" - }, - { - "name" : "45002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13318", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13318" + }, + { + "name": "MDVSA-2011:111", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111" + }, + { + "name": "45002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45002" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100145333", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100145333" + }, + { + "name": "USN-1149-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1149-1" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144854", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100144854" + }, + { + "name": "RHSA-2011:0887", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0887.html" + }, + { + "name": "RHSA-2011:0885", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0885.html" + }, + { + "name": "RHSA-2011:0888", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0888.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-19.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-19.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=651990", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=651990" + }, + { + "name": "SUSE-SA:2011:028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" + }, + { + "name": "RHSA-2011:0886", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0886.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2456.json b/2011/2xxx/CVE-2011-2456.json index 9a3f6ba7bca..e9066bf3db2 100644 --- a/2011/2xxx/CVE-2011-2456.json +++ b/2011/2xxx/CVE-2011-2456.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html" - }, - { - "name" : "GLSA-201204-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-07.xml" - }, - { - "name" : "RHSA-2011:1445", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1445.html" - }, - { - "name" : "SUSE-SA:2011:043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html" - }, - { - "name" : "SUSE-SU-2011:1244", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html" - }, - { - "name" : "openSUSE-SU-2011:1240", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html" - }, - { - "name" : "oval:org.mitre.oval:def:14215", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14215" - }, - { - "name" : "oval:org.mitre.oval:def:16046", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16046" - }, - { - "name" : "48819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2011:1240", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html" + }, + { + "name": "SUSE-SA:2011:043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html" + }, + { + "name": "oval:org.mitre.oval:def:14215", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14215" + }, + { + "name": "SUSE-SU-2011:1244", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html" + }, + { + "name": "GLSA-201204-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-07.xml" + }, + { + "name": "RHSA-2011:1445", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1445.html" + }, + { + "name": "oval:org.mitre.oval:def:16046", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16046" + }, + { + "name": "48819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48819" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-28.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2912.json b/2011/2xxx/CVE-2011-2912.json index 04021577266..d67b0bf6a24 100644 --- a/2011/2xxx/CVE-2011-2912.json +++ b/2011/2xxx/CVE-2011-2912.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120810 CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/10/4" - }, - { - "name" : "[oss-security] 20120812 Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/12/4" - }, - { - "name" : "http://jira.atheme.org/browse/AUDPLUG-394", - "refsource" : "CONFIRM", - "url" : "http://jira.atheme.org/browse/AUDPLUG-394" - }, - { - "name" : "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=f4e5295658fff000379caa122e75c9200205fe20", - "refsource" : "CONFIRM", - "url" : "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=f4e5295658fff000379caa122e75c9200205fe20" - }, - { - "name" : "http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4/" - }, - { - "name" : "DSA-2415", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2415" - }, - { - "name" : "FEDORA-2011-10503", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063786.html" - }, - { - "name" : "FEDORA-2011-12370", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.html" - }, - { - "name" : "GLSA-201203-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201203-14.xml" - }, - { - "name" : "GLSA-201203-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml" - }, - { - "name" : "RHSA-2011:1264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1264.html" - }, - { - "name" : "openSUSE-SU-2011:0943", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.html" - }, - { - "name" : "USN-1255-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1255-1" - }, - { - "name" : "48979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48979" - }, - { - "name" : "74209", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/74209" - }, - { - "name" : "45131", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45131" - }, - { - "name" : "45658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45658" - }, - { - "name" : "45742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45742" - }, - { - "name" : "45901", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45901" - }, - { - "name" : "46032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46032" - }, - { - "name" : "46043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46043" - }, - { - "name" : "46793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46793" - }, - { - "name" : "48058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48058" - }, - { - "name" : "48434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48434" - }, - { - "name" : "48439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48439" - }, - { - "name" : "libmodplug-s3m-bo(68984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-12370", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.html" + }, + { + "name": "[oss-security] 20120810 CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/10/4" + }, + { + "name": "DSA-2415", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2415" + }, + { + "name": "http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/modplug-xmms/files/libmodplug/0.8.8.4/" + }, + { + "name": "GLSA-201203-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml" + }, + { + "name": "FEDORA-2011-10503", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063786.html" + }, + { + "name": "45131", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45131" + }, + { + "name": "[oss-security] 20120812 Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/12/4" + }, + { + "name": "48058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48058" + }, + { + "name": "46032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46032" + }, + { + "name": "46793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46793" + }, + { + "name": "48439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48439" + }, + { + "name": "45742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45742" + }, + { + "name": "USN-1255-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1255-1" + }, + { + "name": "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=f4e5295658fff000379caa122e75c9200205fe20", + "refsource": "CONFIRM", + "url": "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commitdiff;h=f4e5295658fff000379caa122e75c9200205fe20" + }, + { + "name": "openSUSE-SU-2011:0943", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.html" + }, + { + "name": "48434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48434" + }, + { + "name": "libmodplug-s3m-bo(68984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68984" + }, + { + "name": "48979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48979" + }, + { + "name": "GLSA-201203-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201203-14.xml" + }, + { + "name": "45901", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45901" + }, + { + "name": "RHSA-2011:1264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1264.html" + }, + { + "name": "46043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46043" + }, + { + "name": "http://jira.atheme.org/browse/AUDPLUG-394", + "refsource": "CONFIRM", + "url": "http://jira.atheme.org/browse/AUDPLUG-394" + }, + { + "name": "74209", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/74209" + }, + { + "name": "45658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45658" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0130.json b/2013/0xxx/CVE-2013-0130.json index c016725b4a0..77894172ed1 100644 --- a/2013/0xxx/CVE-2013-0130.json +++ b/2013/0xxx/CVE-2013-0130.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Core FTP before 2.2 build 1769 allow remote FTP servers to execute arbitrary code or cause a denial of service (application crash) via a long directory name in a (1) DELE, (2) LIST, or (3) VIEW command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-0130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.coreftp.com/forums/viewtopic.php?t=222102", - "refsource" : "CONFIRM", - "url" : "http://www.coreftp.com/forums/viewtopic.php?t=222102" - }, - { - "name" : "VU#370868", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/370868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Core FTP before 2.2 build 1769 allow remote FTP servers to execute arbitrary code or cause a denial of service (application crash) via a long directory name in a (1) DELE, (2) LIST, or (3) VIEW command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.coreftp.com/forums/viewtopic.php?t=222102", + "refsource": "CONFIRM", + "url": "http://www.coreftp.com/forums/viewtopic.php?t=222102" + }, + { + "name": "VU#370868", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/370868" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0383.json b/2013/0xxx/CVE-2013-0383.json index fe5b72a1ad5..dd5d244d6c6 100644 --- a/2013/0xxx/CVE-2013-0383.json +++ b/2013/0xxx/CVE-2013-0383.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "RHSA-2013:0219", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0219.html" - }, - { - "name" : "USN-1703-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1703-1" - }, - { - "name" : "oval:org.mitre.oval:def:16758", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16758", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758" + }, + { + "name": "USN-1703-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1703-1" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "RHSA-2013:0219", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0219.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0755.json b/2013/0xxx/CVE-2013-0755.json index 5c171dd5416..646b74d010e 100644 --- a/2013/0xxx/CVE-2013-0755.json +++ b/2013/0xxx/CVE-2013-0755.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-18.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-18.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814027", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814027" - }, - { - "name" : "SUSE-SU-2013:0048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" - }, - { - "name" : "SUSE-SU-2013:0049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0131", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:0149", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" - }, - { - "name" : "USN-1681-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-1" - }, - { - "name" : "USN-1681-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-2" - }, - { - "name" : "USN-1681-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-4" - }, - { - "name" : "oval:org.mitre.oval:def:16952", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" + }, + { + "name": "openSUSE-SU-2013:0131", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" + }, + { + "name": "USN-1681-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-4" + }, + { + "name": "oval:org.mitre.oval:def:16952", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16952" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-18.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-18.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=814027", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814027" + }, + { + "name": "SUSE-SU-2013:0049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" + }, + { + "name": "USN-1681-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-1" + }, + { + "name": "openSUSE-SU-2013:0149", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" + }, + { + "name": "USN-1681-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-2" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0875.json b/2013/0xxx/CVE-2013-0875.json index 0e1d9248fe4..91420772bfd 100644 --- a/2013/0xxx/CVE-2013-0875.json +++ b/2013/0xxx/CVE-2013-0875.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1ac0fa50eff30d413206cffa5f47f7fe6d4849b1", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1ac0fa50eff30d413206cffa5f47f7fe6d4849b1" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1ac0fa50eff30d413206cffa5f47f7fe6d4849b1", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1ac0fa50eff30d413206cffa5f47f7fe6d4849b1" + }, + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1164.json b/2013/1xxx/CVE-2013-1164.json index 3ccfdff45b8..407819fbdce 100644 --- a/2013/1xxx/CVE-2013-1164.json +++ b/2013/1xxx/CVE-2013-1164.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130410 Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130410 Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1458.json b/2013/1xxx/CVE-2013-1458.json index 2e517b100d8..bedc94cb474 100644 --- a/2013/1xxx/CVE-2013-1458.json +++ b/2013/1xxx/CVE-2013-1458.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1458", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1458", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1604.json b/2013/1xxx/CVE-2013-1604.json index f0cf68c7a04..ca6e6469094 100644 --- a/2013/1xxx/CVE-2013-1604.json +++ b/2013/1xxx/CVE-2013-1604.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "25813", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/25813" - }, - { - "name" : "20130528 CORE-2013-0322 - MayGion IP Cameras multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/May/194" - }, - { - "name" : "http://www.coresecurity.com/advisories/maygion-IP-cameras-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/maygion-IP-cameras-multiple-vulnerabilities" - }, - { - "name" : "60192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60192" - }, - { - "name" : "maygion-ipcamera-cve20131604-dir-traversal(84589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "maygion-ipcamera-cve20131604-dir-traversal(84589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84589" + }, + { + "name": "20130528 CORE-2013-0322 - MayGion IP Cameras multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/May/194" + }, + { + "name": "http://www.coresecurity.com/advisories/maygion-IP-cameras-multiple-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/maygion-IP-cameras-multiple-vulnerabilities" + }, + { + "name": "25813", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/25813" + }, + { + "name": "60192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60192" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1609.json b/2013/1xxx/CVE-2013-1609.json index e1a54b61f05..00ff1bfcf78 100644 --- a/2013/1xxx/CVE-2013-1609.json +++ b/2013/1xxx/CVE-2013-1609.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-1609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00" - }, - { - "name" : "58617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00" + }, + { + "name": "58617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58617" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3519.json b/2013/3xxx/CVE-2013-3519.json index e88f6207df1..d8982aee50d 100644 --- a/2013/3xxx/CVE-2013-3519.json +++ b/2013/3xxx/CVE-2013-3519.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2013-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2013-0014.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2013-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2013-0014.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3579.json b/2013/3xxx/CVE-2013-3579.json index 4c5670d8d41..09afa2ca2f9 100644 --- a/2013/3xxx/CVE-2013-3579.json +++ b/2013/3xxx/CVE-2013-3579.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Lookout Mobile Security application before 8.17-8a39d3f for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.lookout.security.ScanTell with zero arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#704828", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/704828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Lookout Mobile Security application before 8.17-8a39d3f for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.lookout.security.ScanTell with zero arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#704828", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/704828" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3660.json b/2013/3xxx/CVE-2013-3660.json index 685a6cc17bf..5e20e6323d0 100644 --- a/2013/3xxx/CVE-2013-3660.json +++ b/2013/3xxx/CVE-2013-3660.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka \"Win32k Read AV Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "25611", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/25611/" - }, - { - "name" : "20130517 Re: exploitation ideas under memory pressure", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html" - }, - { - "name" : "20130517 exploitation ideas under memory pressure", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0090.html" - }, - { - "name" : "20130603 Re: exploitation ideas under memory pressure", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html" - }, - { - "name" : "http://twitter.com/taviso/statuses/309157606247768064", - "refsource" : "MISC", - "url" : "http://twitter.com/taviso/statuses/309157606247768064" - }, - { - "name" : "http://twitter.com/taviso/statuses/335557286657400832", - "refsource" : "MISC", - "url" : "http://twitter.com/taviso/statuses/335557286657400832" - }, - { - "name" : "http://www.computerworld.com/s/article/9239477", - "refsource" : "MISC", - "url" : "http://www.computerworld.com/s/article/9239477" - }, - { - "name" : "http://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability/", - "refsource" : "MISC", - "url" : "http://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability/" - }, - { - "name" : "http://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw", - "refsource" : "MISC", - "url" : "http://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw" - }, - { - "name" : "MS13-053", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053" - }, - { - "name" : "TA13-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A" - }, - { - "name" : "93539", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/93539" - }, - { - "name" : "oval:org.mitre.oval:def:17360", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17360" - }, - { - "name" : "53435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka \"Win32k Read AV Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130517 Re: exploitation ideas under memory pressure", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html" + }, + { + "name": "25611", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/25611/" + }, + { + "name": "20130517 exploitation ideas under memory pressure", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0090.html" + }, + { + "name": "53435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53435" + }, + { + "name": "93539", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/93539" + }, + { + "name": "http://twitter.com/taviso/statuses/309157606247768064", + "refsource": "MISC", + "url": "http://twitter.com/taviso/statuses/309157606247768064" + }, + { + "name": "http://www.computerworld.com/s/article/9239477", + "refsource": "MISC", + "url": "http://www.computerworld.com/s/article/9239477" + }, + { + "name": "http://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw", + "refsource": "MISC", + "url": "http://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw" + }, + { + "name": "oval:org.mitre.oval:def:17360", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17360" + }, + { + "name": "http://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability/", + "refsource": "MISC", + "url": "http://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability/" + }, + { + "name": "20130603 Re: exploitation ideas under memory pressure", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html" + }, + { + "name": "TA13-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-190A" + }, + { + "name": "MS13-053", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053" + }, + { + "name": "http://twitter.com/taviso/statuses/335557286657400832", + "refsource": "MISC", + "url": "http://twitter.com/taviso/statuses/335557286657400832" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4080.json b/2013/4xxx/CVE-2013-4080.json index b1c781fd58f..15dc8d5c94c 100644 --- a/2013/4xxx/CVE-2013-4080.json +++ b/2013/4xxx/CVE-2013-4080.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-assa_r3.c?r1=49744&r2=49743&pathrev=49744", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-assa_r3.c?r1=49744&r2=49743&pathrev=49744" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49744", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49744" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2013-38.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2013-38.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8764", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8764" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "openSUSE-SU-2013:1084", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html" - }, - { - "name" : "openSUSE-SU-2013:1086", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html" - }, - { - "name" : "60503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60503" - }, - { - "name" : "oval:org.mitre.oval:def:16873", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16873" - }, - { - "name" : "53762", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53762" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html" + }, + { + "name": "53762", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53762" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2013-38.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2013-38.html" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "oval:org.mitre.oval:def:16873", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16873" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8764", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8764" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "openSUSE-SU-2013:1086", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html" + }, + { + "name": "60503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60503" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49744", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49744" + }, + { + "name": "openSUSE-SU-2013:1084", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-assa_r3.c?r1=49744&r2=49743&pathrev=49744", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-assa_r3.c?r1=49744&r2=49743&pathrev=49744" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4633.json b/2013/4xxx/CVE-2013-4633.json index 81cbb8de9e3..b71a0945e04 100644 --- a/2013/4xxx/CVE-2013-4633.json +++ b/2013/4xxx/CVE-2013-4633.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258449.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258449.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258449.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258449.htm" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4861.json b/2013/4xxx/CVE-2013-4861.json index faaa185c379..a7af6b41048 100644 --- a/2013/4xxx/CVE-2013-4861.json +++ b/2013/4xxx/CVE-2013-4861.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4861", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4861", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12388.json b/2017/12xxx/CVE-2017-12388.json index a654abea5f6..90f94beeb64 100644 --- a/2017/12xxx/CVE-2017-12388.json +++ b/2017/12xxx/CVE-2017-12388.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12388", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12388", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12774.json b/2017/12xxx/CVE-2017-12774.json index 151796a78c7..9d7aa9aa9b6 100644 --- a/2017/12xxx/CVE-2017-12774.json +++ b/2017/12xxx/CVE-2017-12774.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "finecms in 1.9.5\\controllers\\member\\ContentController.php allows remote attackers to operate website database" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/yzcrnx/finecms/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/yzcrnx/finecms/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "finecms in 1.9.5\\controllers\\member\\ContentController.php allows remote attackers to operate website database" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/yzcrnx/finecms/issues/1", + "refsource": "MISC", + "url": "https://github.com/yzcrnx/finecms/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12820.json b/2017/12xxx/CVE-2017-12820.json index 2f2364d360a..272ac5ea108 100644 --- a/2017/12xxx/CVE-2017-12820.json +++ b/2017/12xxx/CVE-2017-12820.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-12820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE", - "version" : { - "version_data" : [ - { - "version_value" : "7.55" - } - ] - } - } - ] - }, - "vendor_name" : "Gemalto" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary memory read from controlled memory pointer leads to remote denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-12820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE", + "version": { + "version_data": [ + { + "version_value": "7.55" + } + ] + } + } + ] + }, + "vendor_name": "Gemalto" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-006-sentinel-ldk-rte-arbitrary-memory-read-from-controlled-memory-pointer-leads-to-remote-denial-of-service/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-006-sentinel-ldk-rte-arbitrary-memory-read-from-controlled-memory-pointer-leads-to-remote-denial-of-service/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf" - }, - { - "name" : "102906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary memory read from controlled memory pointer leads to remote denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-006-sentinel-ldk-rte-arbitrary-memory-read-from-controlled-memory-pointer-leads-to-remote-denial-of-service/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-006-sentinel-ldk-rte-arbitrary-memory-read-from-controlled-memory-pointer-leads-to-remote-denial-of-service/" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf" + }, + { + "name": "102906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102906" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12964.json b/2017/12xxx/CVE-2017-12964.json index bdc7c00306f..bca865fbffe 100644 --- a/2017/12xxx/CVE-2017-12964.json +++ b/2017/12xxx/CVE-2017-12964.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482397", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1482397", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482397" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13218.json b/2017/13xxx/CVE-2017-13218.json index 10e1a6ee13d..dafce8fbce0 100644 --- a/2017/13xxx/CVE-2017-13218.json +++ b/2017/13xxx/CVE-2017-13218.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-06-04T00:00:00", - "ID" : "CVE-2017-13218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Permissions, Privileges and Access control issue in Kernel" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-06-04T00:00:00", + "ID": "CVE-2017-13218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-01-01" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "102390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102390" - }, - { - "name" : "1040106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permissions, Privileges and Access control issue in Kernel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "102390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102390" + }, + { + "name": "https://source.android.com/security/bulletin/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-01-01" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin" + }, + { + "name": "1040106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040106" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13257.json b/2017/13xxx/CVE-2017-13257.json index fb6ad4e17ea..b8fcf96fd4a 100644 --- a/2017/13xxx/CVE-2017-13257.json +++ b/2017/13xxx/CVE-2017-13257.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-13257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-13257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-03-01" - }, - { - "name" : "103253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-03-01" + }, + { + "name": "103253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103253" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13383.json b/2017/13xxx/CVE-2017-13383.json index 001657f7f88..9dd08a30933 100644 --- a/2017/13xxx/CVE-2017-13383.json +++ b/2017/13xxx/CVE-2017-13383.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13383", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13383", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13400.json b/2017/13xxx/CVE-2017-13400.json index a6eb8b45d4e..a75fef238bb 100644 --- a/2017/13xxx/CVE-2017-13400.json +++ b/2017/13xxx/CVE-2017-13400.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13400", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13400", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16017.json b/2017/16xxx/CVE-2017-16017.json index 15e035d3144..80f76a2d390 100644 --- a/2017/16xxx/CVE-2017-16017.json +++ b/2017/16xxx/CVE-2017-16017.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "sanitize-html node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=1.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Generic (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "sanitize-html node module", + "version": { + "version_data": [ + { + "version_value": "<=1.2.2" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/punkave/sanitize-html/issues/19", - "refsource" : "MISC", - "url" : "https://github.com/punkave/sanitize-html/issues/19" - }, - { - "name" : "https://github.com/punkave/sanitize-html/pull/20", - "refsource" : "MISC", - "url" : "https://github.com/punkave/sanitize-html/pull/20" - }, - { - "name" : "https://nodesecurity.io/advisories/155", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/punkave/sanitize-html/pull/20", + "refsource": "MISC", + "url": "https://github.com/punkave/sanitize-html/pull/20" + }, + { + "name": "https://nodesecurity.io/advisories/155", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/155" + }, + { + "name": "https://github.com/punkave/sanitize-html/issues/19", + "refsource": "MISC", + "url": "https://github.com/punkave/sanitize-html/issues/19" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16185.json b/2017/16xxx/CVE-2017-16185.json index 8b7b8869f7b..e420a3ae833 100644 --- a/2017/16xxx/CVE-2017-16185.json +++ b/2017/16xxx/CVE-2017-16185.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "uekw1511server node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "uekw1511server node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/uekw1511server", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/uekw1511server" - }, - { - "name" : "https://nodesecurity.io/advisories/450", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/450", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/450" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/uekw1511server", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/uekw1511server" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16265.json b/2017/16xxx/CVE-2017-16265.json index 6dbfa5f751e..1c5f09b963c 100644 --- a/2017/16xxx/CVE-2017-16265.json +++ b/2017/16xxx/CVE-2017-16265.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16265", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16265", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16383.json b/2017/16xxx/CVE-2017-16383.json index 0448786b088..5d140643d51 100644 --- a/2017/16xxx/CVE-2017-16383.json +++ b/2017/16xxx/CVE-2017-16383.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "101823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101823" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "101823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101823" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16385.json b/2017/16xxx/CVE-2017-16385.json index 254707f3713..0f7da8abd39 100644 --- a/2017/16xxx/CVE-2017-16385.json +++ b/2017/16xxx/CVE-2017-16385.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in TIFF parsing during XPS conversion. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Access with Incorrect Length Value" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "101831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101831" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in TIFF parsing during XPS conversion. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Access with Incorrect Length Value" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "101831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101831" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16780.json b/2017/16xxx/CVE-2017-16780.json index ddc8c98a56e..3209f0e7262 100644 --- a/2017/16xxx/CVE-2017-16780.json +++ b/2017/16xxx/CVE-2017-16780.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43136", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43136/" - }, - { - "name" : "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", - "refsource" : "CONFIRM", - "url" : "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/", + "refsource": "CONFIRM", + "url": "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/" + }, + { + "name": "43136", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43136/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16791.json b/2017/16xxx/CVE-2017-16791.json index bcd8c80dbe5..27e9f0db830 100644 --- a/2017/16xxx/CVE-2017-16791.json +++ b/2017/16xxx/CVE-2017-16791.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16791", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16791", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17135.json b/2017/17xxx/CVE-2017-17135.json index 00bda7c61e0..1b1d75e6ebe 100644 --- a/2017/17xxx/CVE-2017-17135.json +++ b/2017/17xxx/CVE-2017-17135.json @@ -1,258 +1,258 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-12-06T00:00:00", - "ID" : "CVE-2017-17135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030", - "version" : { - "version_data" : [ - { - "version_value" : "DP300 V500R002C00" - }, - { - "version_value" : "IPS Module V500R001C00" - }, - { - "version_value" : "V500R001C30" - }, - { - "version_value" : "NGFW Module V500R001C00" - }, - { - "version_value" : "V500R002C00" - }, - { - "version_value" : "NIP6300 V500R001C00" - }, - { - "version_value" : "V500R001C30" - }, - { - "version_value" : "NIP6600 V500R001C00" - }, - { - "version_value" : "V500R001C30" - }, - { - "version_value" : "RP200 V500R002C00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "S12700 V200R007C00" - }, - { - "version_value" : "V200R007C01" - }, - { - "version_value" : "V200R008C00" - }, - { - "version_value" : "V200R009C00" - }, - { - "version_value" : "V200R010C00" - }, - { - "version_value" : "S1700 V200R006C10" - }, - { - "version_value" : "V200R009C00" - }, - { - "version_value" : "V200R010C00" - }, - { - "version_value" : "S2700 V200R006C10" - }, - { - "version_value" : "V200R007C00" - }, - { - "version_value" : "V200R008C00" - }, - { - "version_value" : "V200R009C00" - }, - { - "version_value" : "V200R010C00" - }, - { - "version_value" : "S5700 V200R006C00" - }, - { - "version_value" : "V200R007C00" - }, - { - "version_value" : "V200R008C00" - }, - { - "version_value" : "V200R009C00" - }, - { - "version_value" : "V200R010C00" - }, - { - "version_value" : "S6700 V200R008C00" - }, - { - "version_value" : "V200R009C00" - }, - { - "version_value" : "V200R010C00" - }, - { - "version_value" : "S7700 V200R007C00" - }, - { - "version_value" : "V200R008C00" - }, - { - "version_value" : "V200R009C00" - }, - { - "version_value" : "V200R010C00" - }, - { - "version_value" : "S9700 V200R007C00" - }, - { - "version_value" : "V200R007C01" - }, - { - "version_value" : "V200R008C00" - }, - { - "version_value" : "V200R009C00" - }, - { - "version_value" : "V200R010C00" - }, - { - "version_value" : "Secospace USG6300 V500R001C00" - }, - { - "version_value" : "V500R001C30" - }, - { - "version_value" : "Secospace USG6500 V500R001C00" - }, - { - "version_value" : "V500R001C30" - }, - { - "version_value" : "Secospace USG6600 V500R001C00" - }, - { - "version_value" : "V500R001C30S" - }, - { - "version_value" : "TE30 V100R001C02" - }, - { - "version_value" : "V100R001C10" - }, - { - "version_value" : "V500R002C00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "TE40 V500R002C00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "TE50 V500R002C00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "TE60 V100R001C01" - }, - { - "version_value" : "V100R001C10" - }, - { - "version_value" : "V500R002C00" - }, - { - "version_value" : "V600R006C00" - }, - { - "version_value" : "TP3106 V100R002C00" - }, - { - "version_value" : "TP3206 V100R002C00" - }, - { - "version_value" : "V100R002C10" - }, - { - "version_value" : "USG9500 V500R001C00" - }, - { - "version_value" : "V500R001C30" - }, - { - "version_value" : "ViewPoint 9030 V100R011C02" - }, - { - "version_value" : "V100R011C03" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a null pointer reference vulnerability due to insufficient verification. An authenticated local attacker calls PEM decoder with special parameter which could cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "null pointer reference" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-12-06T00:00:00", + "ID": "CVE-2017-17135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030", + "version": { + "version_data": [ + { + "version_value": "DP300 V500R002C00" + }, + { + "version_value": "IPS Module V500R001C00" + }, + { + "version_value": "V500R001C30" + }, + { + "version_value": "NGFW Module V500R001C00" + }, + { + "version_value": "V500R002C00" + }, + { + "version_value": "NIP6300 V500R001C00" + }, + { + "version_value": "V500R001C30" + }, + { + "version_value": "NIP6600 V500R001C00" + }, + { + "version_value": "V500R001C30" + }, + { + "version_value": "RP200 V500R002C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "S12700 V200R007C00" + }, + { + "version_value": "V200R007C01" + }, + { + "version_value": "V200R008C00" + }, + { + "version_value": "V200R009C00" + }, + { + "version_value": "V200R010C00" + }, + { + "version_value": "S1700 V200R006C10" + }, + { + "version_value": "V200R009C00" + }, + { + "version_value": "V200R010C00" + }, + { + "version_value": "S2700 V200R006C10" + }, + { + "version_value": "V200R007C00" + }, + { + "version_value": "V200R008C00" + }, + { + "version_value": "V200R009C00" + }, + { + "version_value": "V200R010C00" + }, + { + "version_value": "S5700 V200R006C00" + }, + { + "version_value": "V200R007C00" + }, + { + "version_value": "V200R008C00" + }, + { + "version_value": "V200R009C00" + }, + { + "version_value": "V200R010C00" + }, + { + "version_value": "S6700 V200R008C00" + }, + { + "version_value": "V200R009C00" + }, + { + "version_value": "V200R010C00" + }, + { + "version_value": "S7700 V200R007C00" + }, + { + "version_value": "V200R008C00" + }, + { + "version_value": "V200R009C00" + }, + { + "version_value": "V200R010C00" + }, + { + "version_value": "S9700 V200R007C00" + }, + { + "version_value": "V200R007C01" + }, + { + "version_value": "V200R008C00" + }, + { + "version_value": "V200R009C00" + }, + { + "version_value": "V200R010C00" + }, + { + "version_value": "Secospace USG6300 V500R001C00" + }, + { + "version_value": "V500R001C30" + }, + { + "version_value": "Secospace USG6500 V500R001C00" + }, + { + "version_value": "V500R001C30" + }, + { + "version_value": "Secospace USG6600 V500R001C00" + }, + { + "version_value": "V500R001C30S" + }, + { + "version_value": "TE30 V100R001C02" + }, + { + "version_value": "V100R001C10" + }, + { + "version_value": "V500R002C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "TE40 V500R002C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "TE50 V500R002C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "TE60 V100R001C01" + }, + { + "version_value": "V100R001C10" + }, + { + "version_value": "V500R002C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "TP3106 V100R002C00" + }, + { + "version_value": "TP3206 V100R002C00" + }, + { + "version_value": "V100R002C10" + }, + { + "version_value": "USG9500 V500R001C00" + }, + { + "version_value": "V500R001C30" + }, + { + "version_value": "ViewPoint 9030 V100R011C02" + }, + { + "version_value": "V100R011C03" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a null pointer reference vulnerability due to insufficient verification. An authenticated local attacker calls PEM decoder with special parameter which could cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "null pointer reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17358.json b/2017/17xxx/CVE-2017-17358.json index 0632a885df4..0c70d049394 100644 --- a/2017/17xxx/CVE-2017-17358.json +++ b/2017/17xxx/CVE-2017-17358.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17358", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17358", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17488.json b/2017/17xxx/CVE-2017-17488.json index b324679e0b2..1f798a0b845 100644 --- a/2017/17xxx/CVE-2017-17488.json +++ b/2017/17xxx/CVE-2017-17488.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17488", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17488", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4491.json b/2017/4xxx/CVE-2017-4491.json index a34dcbb86fd..b2a81199336 100644 --- a/2017/4xxx/CVE-2017-4491.json +++ b/2017/4xxx/CVE-2017-4491.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4491", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4491", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18149.json b/2018/18xxx/CVE-2018-18149.json index 6951f2afcf1..8b70bfe91a4 100644 --- a/2018/18xxx/CVE-2018-18149.json +++ b/2018/18xxx/CVE-2018-18149.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18149", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18149", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18487.json b/2018/18xxx/CVE-2018-18487.json index cb4d089a847..69b642d7c62 100644 --- a/2018/18xxx/CVE-2018-18487.json +++ b/2018/18xxx/CVE-2018-18487.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In \\lib\\admin\\action\\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunu11.com/2018/10/18/glxcms/", - "refsource" : "MISC", - "url" : "http://sunu11.com/2018/10/18/glxcms/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In \\lib\\admin\\action\\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sunu11.com/2018/10/18/glxcms/", + "refsource": "MISC", + "url": "http://sunu11.com/2018/10/18/glxcms/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18774.json b/2018/18xxx/CVE-2018-18774.json index 98dffe474d7..cf479bf7449 100644 --- a/2018/18xxx/CVE-2018-18774.json +++ b/2018/18xxx/CVE-2018-18774.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45822", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45822/" - }, - { - "name" : "http://packetstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-Root-Account-Takeover-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-Root-Account-Takeover-Command-Execution.html" - }, - { - "name" : "http://packetstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-XSS-CSRF-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-XSS-CSRF-Code-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45822", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45822/" + }, + { + "name": "http://packetstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-XSS-CSRF-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-XSS-CSRF-Code-Execution.html" + }, + { + "name": "http://packetstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-Root-Account-Takeover-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150169/CentOS-Web-Panel-0.9.8.740-Root-Account-Takeover-Command-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1630.json b/2018/1xxx/CVE-2018-1630.json index 2cf548bff65..9184a245a01 100644 --- a/2018/1xxx/CVE-2018-1630.json +++ b/2018/1xxx/CVE-2018-1630.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1630", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1630", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1914.json b/2018/1xxx/CVE-2018-1914.json index 690e72f2ae3..13cf472c699 100644 --- a/2018/1xxx/CVE-2018-1914.json +++ b/2018/1xxx/CVE-2018-1914.json @@ -1,115 +1,120 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-03-08T00:00:00", - "ID" : "CVE-2018-1914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Engineering Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152738." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-03-08T00:00:00", + "ID": "CVE-2018-1914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Engineering Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875372", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875372" - }, - { - "name" : "ibm-relm-cve20181914-xss(152738)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152738." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "107423", + "url": "http://www.securityfocus.com/bid/107423" + }, + { + "name": "ibm-relm-cve20181914-xss(152738)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152738" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875372", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875372" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5068.json b/2018/5xxx/CVE-2018-5068.json index 733b559c907..059ac74bfeb 100644 --- a/2018/5xxx/CVE-2018-5068.json +++ b/2018/5xxx/CVE-2018-5068.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5437.json b/2018/5xxx/CVE-2018-5437.json index 27754d98b49..73dcf3906f5 100644 --- a/2018/5xxx/CVE-2018-5437.json +++ b/2018/5xxx/CVE-2018-5437.json @@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@tibco.com", - "DATE_PUBLIC" : "2018-06-26T16:00:00.000Z", - "ID" : "CVE-2018-5437", - "STATE" : "PUBLIC", - "TITLE" : "TIBCO Spotfire Product Family Information Disclosure Vulnerability", - "UPDATED" : "2018-06-28T18:00:00.000Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TIBCO Spotfire Analyst", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "7.8.0" - }, - { - "affected" : "=", - "version_value" : "7.9.0" - }, - { - "affected" : "=", - "version_value" : "7.9.1" - }, - { - "affected" : "=", - "version_value" : "7.10.0" - }, - { - "affected" : "=", - "version_value" : "7.10.1" - }, - { - "affected" : "=", - "version_value" : "7.11.0" - }, - { - "affected" : "=", - "version_value" : "7.12.0" - } - ] - } - }, - { - "product_name" : "TIBCO Spotfire Analytics Platform for AWS Marketplace", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "7.12.0" - } - ] - } - }, - { - "product_name" : "TIBCO Spotfire Deployment Kit", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "7.8.0" - }, - { - "affected" : "=", - "version_value" : "7.9.0" - }, - { - "affected" : "=", - "version_value" : "7.9.1" - }, - { - "affected" : "=", - "version_value" : "7.10.0" - }, - { - "affected" : "=", - "version_value" : "7.10.1" - }, - { - "affected" : "=", - "version_value" : "7.11.0" - }, - { - "affected" : "=", - "version_value" : "7.12.0" - } - ] - } - }, - { - "product_name" : "TIBCO Spotfire Desktop", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "7.8.0" - }, - { - "affected" : "=", - "version_value" : "7.9.0" - }, - { - "affected" : "=", - "version_value" : "7.9.1" - }, - { - "affected" : "=", - "version_value" : "7.10.0" - }, - { - "affected" : "=", - "version_value" : "7.10.1" - }, - { - "affected" : "=", - "version_value" : "7.11.0" - }, - { - "affected" : "=", - "version_value" : "7.12.0" - } - ] - } - }, - { - "product_name" : "TIBCO Spotfire Desktop Language Packs", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "7.8.0" - }, - { - "affected" : "=", - "version_value" : "7.9.0" - }, - { - "affected" : "=", - "version_value" : "7.9.1" - }, - { - "affected" : "=", - "version_value" : "7.10.0" - }, - { - "affected" : "=", - "version_value" : "7.10.1" - }, - { - "affected" : "=", - "version_value" : "7.11.0" - } - ] - } - } - ] - }, - "vendor_name" : "TIBCO Software Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 6.8, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to additional confidential information, including credentials to access additional resources." - } + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2018-06-26T16:00:00.000Z", + "ID": "CVE-2018-5437", + "STATE": "PUBLIC", + "TITLE": "TIBCO Spotfire Product Family Information Disclosure Vulnerability", + "UPDATED": "2018-06-28T18:00:00.000Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Spotfire Analyst", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "7.8.0" + }, + { + "affected": "=", + "version_value": "7.9.0" + }, + { + "affected": "=", + "version_value": "7.9.1" + }, + { + "affected": "=", + "version_value": "7.10.0" + }, + { + "affected": "=", + "version_value": "7.10.1" + }, + { + "affected": "=", + "version_value": "7.11.0" + }, + { + "affected": "=", + "version_value": "7.12.0" + } + ] + } + }, + { + "product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "7.12.0" + } + ] + } + }, + { + "product_name": "TIBCO Spotfire Deployment Kit", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "7.8.0" + }, + { + "affected": "=", + "version_value": "7.9.0" + }, + { + "affected": "=", + "version_value": "7.9.1" + }, + { + "affected": "=", + "version_value": "7.10.0" + }, + { + "affected": "=", + "version_value": "7.10.1" + }, + { + "affected": "=", + "version_value": "7.11.0" + }, + { + "affected": "=", + "version_value": "7.12.0" + } + ] + } + }, + { + "product_name": "TIBCO Spotfire Desktop", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "7.8.0" + }, + { + "affected": "=", + "version_value": "7.9.0" + }, + { + "affected": "=", + "version_value": "7.9.1" + }, + { + "affected": "=", + "version_value": "7.10.0" + }, + { + "affected": "=", + "version_value": "7.10.1" + }, + { + "affected": "=", + "version_value": "7.11.0" + }, + { + "affected": "=", + "version_value": "7.12.0" + } + ] + } + }, + { + "product_name": "TIBCO Spotfire Desktop Language Packs", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "7.8.0" + }, + { + "affected": "=", + "version_value": "7.9.0" + }, + { + "affected": "=", + "version_value": "7.9.1" + }, + { + "affected": "=", + "version_value": "7.10.0" + }, + { + "affected": "=", + "version_value": "7.10.1" + }, + { + "affected": "=", + "version_value": "7.11.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/services/support/advisories", - "refsource" : "MISC", - "url" : "http://www.tibco.com/services/support/advisories" - }, - { - "name" : "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437", - "refsource" : "CONFIRM", - "url" : "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "TIBCO has released updated versions of the affected components which address these issues. When upgrading to one of the new versions some previously working functionality will be disabled by default and require configuration. Please review the README and other documentation for further information. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher\n" - } - ], - "source" : { - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to additional confidential information, including credentials to access additional resources." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437" + }, + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "MISC", + "url": "http://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues. When upgrading to one of the new versions some previously working functionality will be disabled by default and require configuration. Please review the README and other documentation for further information. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher\n" + } + ], + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5472.json b/2018/5xxx/CVE-2018-5472.json index 69ff8ca0dfc..650bbeb10bc 100644 --- a/2018/5xxx/CVE-2018-5472.json +++ b/2018/5xxx/CVE-2018-5472.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-02-27T00:00:00", - "ID" : "CVE-2018-5472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Philips IntelliSpace Portal", - "version" : { - "version_data" : [ - { - "version_value" : "8.0.x" - }, - { - "version_value" : "7.0.x" - } - ] - } - } - ] - }, - "vendor_name" : "Philips" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-02-27T00:00:00", + "ID": "CVE-2018-5472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Philips IntelliSpace Portal", + "version": { + "version_data": [ + { + "version_value": "8.0.x" + }, + { + "version_value": "7.0.x" + } + ] + } + } + ] + }, + "vendor_name": "Philips" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security", - "refsource" : "CONFIRM", - "url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security" - }, - { - "name" : "103182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", + "refsource": "CONFIRM", + "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security" + }, + { + "name": "103182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103182" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5562.json b/2018/5xxx/CVE-2018-5562.json index 3b472c9f103..49ff80063b6 100644 --- a/2018/5xxx/CVE-2018-5562.json +++ b/2018/5xxx/CVE-2018-5562.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5562", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5562", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5634.json b/2018/5xxx/CVE-2018-5634.json index a910deb300b..f3c1bfdccc8 100644 --- a/2018/5xxx/CVE-2018-5634.json +++ b/2018/5xxx/CVE-2018-5634.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5634", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5634", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file