diff --git a/2001/0xxx/CVE-2001-0259.json b/2001/0xxx/CVE-2001-0259.json index faec31220fd..d7ef412a90f 100644 --- a/2001/0xxx/CVE-2001-0259.json +++ b/2001/0xxx/CVE-2001-0259.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010116 Bug in SSH1 secure-RPC support can expose users' private keys", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html" - }, - { - "name" : "http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html", - "refsource" : "CONFIRM", - "url" : "http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html" - }, - { - "name" : "2222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2222" - }, - { - "name" : "ssh-rpc-private-key(5963)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html", + "refsource": "CONFIRM", + "url": "http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html" + }, + { + "name": "2222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2222" + }, + { + "name": "20010116 Bug in SSH1 secure-RPC support can expose users' private keys", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html" + }, + { + "name": "ssh-rpc-private-key(5963)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5963" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0755.json b/2001/0xxx/CVE-2001-0755.json index 29ac56c3630..3c016083528 100644 --- a/2001/0xxx/CVE-2001-0755.json +++ b/2001/0xxx/CVE-2001-0755.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010518 Tamersahin.net Security Announcement: Debian 2.2 is 2.2r3 Ftpd Daemon Buffer Owerflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0188.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010518 Tamersahin.net Security Announcement: Debian 2.2 is 2.2r3 Ftpd Daemon Buffer Owerflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0188.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0802.json b/2001/0xxx/CVE-2001-0802.json index f5b0a758aff..cd107800816 100644 --- a/2001/0xxx/CVE-2001-0802.json +++ b/2001/0xxx/CVE-2001-0802.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0802", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2001-0802", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0817.json b/2001/0xxx/CVE-2001-0817.json index 859d1b82370..761b7adb93f 100644 --- a/2001/0xxx/CVE-2001-0817.json +++ b/2001/0xxx/CVE-2001-0817.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011120 Remote Logic Flaw Vulnerability in HP-UX Line Printer Daemon", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise102.php" - }, - { - "name" : "HPSBUX0111-176", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q4/0047.html" - }, - { - "name" : "CA-2001-32", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-32.html" - }, - { - "name" : "VU#638011", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/638011" - }, - { - "name" : "M-021", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-021.shtml" - }, - { - "name" : "3561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3561" - }, - { - "name" : "hpux-rlpdaemon-logic-flaw(7234)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011120 Remote Logic Flaw Vulnerability in HP-UX Line Printer Daemon", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise102.php" + }, + { + "name": "3561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3561" + }, + { + "name": "CA-2001-32", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-32.html" + }, + { + "name": "M-021", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-021.shtml" + }, + { + "name": "HPSBUX0111-176", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q4/0047.html" + }, + { + "name": "VU#638011", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/638011" + }, + { + "name": "hpux-rlpdaemon-logic-flaw(7234)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7234" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0823.json b/2001/0xxx/CVE-2001-0823.json index b05fd0cf29d..8838e1f07d5 100644 --- a/2001/0xxx/CVE-2001-0823.json +++ b/2001/0xxx/CVE-2001-0823.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010618 pmpost - another nice symlink follower", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99290754901708&w=2" - }, - { - "name" : "20010619 Re: pmpost - another nice symlink follower", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html" - }, - { - "name" : "20010601-01-A", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A" - }, - { - "name" : "irix-pcp-pmpost-symlink(6724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724" - }, - { - "name" : "2887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010618 pmpost - another nice symlink follower", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99290754901708&w=2" + }, + { + "name": "20010619 Re: pmpost - another nice symlink follower", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html" + }, + { + "name": "2887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2887" + }, + { + "name": "irix-pcp-pmpost-symlink(6724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724" + }, + { + "name": "20010601-01-A", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0959.json b/2001/0xxx/CVE-2001-0959.json index 9f894e9121f..0cae38f2be8 100644 --- a/2001/0xxx/CVE-2001-0959.json +++ b/2001/0xxx/CVE-2001-0959.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010915 ARCserve 6.61 Share Access Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html" - }, - { - "name" : "http://support.ca.com/Download/patches/asitnt/QO00945.html", - "refsource" : "MISC", - "url" : "http://support.ca.com/Download/patches/asitnt/QO00945.html" - }, - { - "name" : "3342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3342" - }, - { - "name" : "arcserve-aremote-plaintext(7122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7122" - }, - { - "name" : "5483", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010915 ARCserve 6.61 Share Access Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html" + }, + { + "name": "5483", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5483" + }, + { + "name": "arcserve-aremote-plaintext(7122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7122" + }, + { + "name": "3342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3342" + }, + { + "name": "http://support.ca.com/Download/patches/asitnt/QO00945.html", + "refsource": "MISC", + "url": "http://support.ca.com/Download/patches/asitnt/QO00945.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1377.json b/2001/1xxx/CVE-2001-1377.json index aec31e62a2c..541fe1ae1a2 100644 --- a/2001/1xxx/CVE-2001-1377.json +++ b/2001/1xxx/CVE-2001-1377.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101537153021792&w=2" - }, - { - "name" : "VU#936683", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/936683" - }, - { - "name" : "CA-2002-06", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-06.html" - }, - { - "name" : "FreeBSD-SN-02:02", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc" - }, - { - "name" : "RHSA-2002:030", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-030.html" - }, - { - "name" : "SuSE-SA:2002:013", - "refsource" : "SUSE", - "url" : "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html" - }, - { - "name" : "CLA-2002:466", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466" - }, - { - "name" : "radius-vendor-attribute-dos(8354)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8354.php" - }, - { - "name" : "4230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2002:030", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-030.html" + }, + { + "name": "radius-vendor-attribute-dos(8354)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8354.php" + }, + { + "name": "VU#936683", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/936683" + }, + { + "name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101537153021792&w=2" + }, + { + "name": "SuSE-SA:2002:013", + "refsource": "SUSE", + "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html" + }, + { + "name": "4230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4230" + }, + { + "name": "CLA-2002:466", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466" + }, + { + "name": "CA-2002-06", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-06.html" + }, + { + "name": "FreeBSD-SN-02:02", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1007.json b/2008/1xxx/CVE-2008-1007.json index fa683d47bb0..a42e94a91fe 100644 --- a/2008/1xxx/CVE-2008-1007.json +++ b/2008/1xxx/CVE-2008-1007.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307563", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307563" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html" - }, - { - "name" : "TA08-079A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" - }, - { - "name" : "28335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28335" - }, - { - "name" : "28290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28290" - }, - { - "name" : "ADV-2008-0920", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0920/references" - }, - { - "name" : "1019653", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019653" - }, - { - "name" : "29393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29393" - }, - { - "name" : "safari-navigation-policy-security-bypass(41324)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019653", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019653" + }, + { + "name": "TA08-079A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" + }, + { + "name": "safari-navigation-policy-security-bypass(41324)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41324" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html" + }, + { + "name": "28290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28290" + }, + { + "name": "28335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28335" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307563", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307563" + }, + { + "name": "ADV-2008-0920", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0920/references" + }, + { + "name": "29393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29393" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1169.json b/2008/1xxx/CVE-2008-1169.json index 22e9e8561c0..8ec318ef484 100644 --- a/2008/1xxx/CVE-2008-1169.json +++ b/2008/1xxx/CVE-2008-1169.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a \"..\\\" (dot dot backslash) or \"../\" (dot dot forward slash) in the GET command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/scichatdt-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/scichatdt-adv.txt" - }, - { - "name" : "27872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27872" - }, - { - "name" : "ADV-2008-0614", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0614" - }, - { - "name" : "photochat-get-directory-traversal(40655)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a \"..\\\" (dot dot backslash) or \"../\" (dot dot forward slash) in the GET command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0614", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0614" + }, + { + "name": "http://aluigi.altervista.org/adv/scichatdt-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/scichatdt-adv.txt" + }, + { + "name": "photochat-get-directory-traversal(40655)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40655" + }, + { + "name": "27872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27872" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1662.json b/2008/1xxx/CVE-2008-1662.json index 393249925e6..31849963b85 100644 --- a/2008/1xxx/CVE-2008-1662.json +++ b/2008/1xxx/CVE-2008-1662.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an \"empty systems list.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02286", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01367453" - }, - { - "name" : "SSRT071466", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01367453" - }, - { - "name" : "30449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30449" - }, - { - "name" : "oval:org.mitre.oval:def:5814", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5814" - }, - { - "name" : "ADV-2008-2258", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2258" - }, - { - "name" : "1020580", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020580" - }, - { - "name" : "31309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31309" - }, - { - "name" : "hp-hpux-sam-weak-security(44119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an \"empty systems list.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31309" + }, + { + "name": "30449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30449" + }, + { + "name": "1020580", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020580" + }, + { + "name": "SSRT071466", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01367453" + }, + { + "name": "oval:org.mitre.oval:def:5814", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5814" + }, + { + "name": "hp-hpux-sam-weak-security(44119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44119" + }, + { + "name": "HPSBUX02286", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01367453" + }, + { + "name": "ADV-2008-2258", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2258" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5319.json b/2008/5xxx/CVE-2008-5319.json index dd49fb1cd9c..2ba69c7355d 100644 --- a/2008/5xxx/CVE-2008-5319.json +++ b/2008/5xxx/CVE-2008-5319.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://info.tikiwiki.org/tiki-read_article.php?articleId=41", - "refsource" : "CONFIRM", - "url" : "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" - }, - { - "name" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup", - "refsource" : "CONFIRM", - "url" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" - }, - { - "name" : "31857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31857" - }, - { - "name" : "50058", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/50058" - }, - { - "name" : "32341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32341" - }, - { - "name" : "ADV-2008-2889", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2889" - }, - { - "name" : "tikiwikicms-tikierror-unspecified(47106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50058", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/50058" + }, + { + "name": "31857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31857" + }, + { + "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41", + "refsource": "CONFIRM", + "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" + }, + { + "name": "ADV-2008-2889", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2889" + }, + { + "name": "32341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32341" + }, + { + "name": "tikiwikicms-tikierror-unspecified(47106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47106" + }, + { + "name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup", + "refsource": "CONFIRM", + "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5344.json b/2008/5xxx/CVE-2008-5344.json index 6c69701f440..82adb2e8558 100644 --- a/2008/5xxx/CVE-2008-5344.json +++ b/2008/5xxx/CVE-2008-5344.json @@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" - }, - { - "name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", - "refsource" : "CONFIRM", - "url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBUX02411", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2" - }, - { - "name" : "SSRT080111", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2" - }, - { - "name" : "HPSBMA02486", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2" - }, - { - "name" : "SSRT090049", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2" - }, - { - "name" : "RHSA-2008:1018", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-1018.html" - }, - { - "name" : "RHSA-2008:1025", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-1025.html" - }, - { - "name" : "RHSA-2009:0015", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0015.html" - }, - { - "name" : "RHSA-2009:0016", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0016.html" - }, - { - "name" : "RHSA-2009:0445", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0445.html" - }, - { - "name" : "244988", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1" - }, - { - "name" : "SUSE-SA:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html" - }, - { - "name" : "SUSE-SA:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "TA08-340A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" - }, - { - "name" : "50513", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50513" - }, - { - "name" : "oval:org.mitre.oval:def:6249", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6249" - }, - { - "name" : "34233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34233" - }, - { - "name" : "34605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34605" - }, - { - "name" : "34889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34889" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "38539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38539" - }, - { - "name" : "ADV-2008-3339", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3339" - }, - { - "name" : "32991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32991" - }, - { - "name" : "33015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33015" - }, - { - "name" : "33710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33710" - }, - { - "name" : "33528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33528" - }, - { - "name" : "ADV-2009-0672", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0672" - }, - { - "name" : "jre-appletclass-security-bypass(47057)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50513", + "refsource": "OSVDB", + "url": "http://osvdb.org/50513" + }, + { + "name": "SSRT090049", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2" + }, + { + "name": "SUSE-SA:2009:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html" + }, + { + "name": "ADV-2009-0672", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0672" + }, + { + "name": "RHSA-2008:1018", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-1018.html" + }, + { + "name": "33015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33015" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm" + }, + { + "name": "34889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34889" + }, + { + "name": "34233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34233" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", + "refsource": "CONFIRM", + "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm" + }, + { + "name": "SUSE-SA:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html" + }, + { + "name": "SSRT080111", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2" + }, + { + "name": "38539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38539" + }, + { + "name": "jre-appletclass-security-bypass(47057)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47057" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "33528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33528" + }, + { + "name": "RHSA-2008:1025", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-1025.html" + }, + { + "name": "HPSBMA02486", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2" + }, + { + "name": "ADV-2008-3339", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3339" + }, + { + "name": "HPSBUX02411", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2" + }, + { + "name": "RHSA-2009:0445", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0445.html" + }, + { + "name": "RHSA-2009:0016", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0016.html" + }, + { + "name": "TA08-340A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" + }, + { + "name": "34605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34605" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "RHSA-2009:0015", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0015.html" + }, + { + "name": "32991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32991" + }, + { + "name": "244988", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "33710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33710" + }, + { + "name": "oval:org.mitre.oval:def:6249", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6249" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5747.json b/2008/5xxx/CVE-2008-5747.json index 551f42592b3..b83fe0bf482 100644 --- a/2008/5xxx/CVE-2008-5747.json +++ b/2008/5xxx/CVE-2008-5747.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a \"corrupted\" header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-secure was incorrectly stated as the vendor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081210 [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499083" - }, - { - "name" : "20081216 Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499305/100/0/threaded" - }, - { - "name" : "20081222 Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499501/100/0/threaded" - }, - { - "name" : "http://www.ivizsecurity.com/security-advisory-iviz-sr-08016.html", - "refsource" : "MISC", - "url" : "http://www.ivizsecurity.com/security-advisory-iviz-sr-08016.html" - }, - { - "name" : "GLSA-200904-14", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-14.xml" - }, - { - "name" : "32753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32753" - }, - { - "name" : "34700", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34700" - }, - { - "name" : "4822", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a \"corrupted\" header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-secure was incorrectly stated as the vendor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081210 [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499083" + }, + { + "name": "20081222 Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499501/100/0/threaded" + }, + { + "name": "32753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32753" + }, + { + "name": "GLSA-200904-14", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-14.xml" + }, + { + "name": "34700", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34700" + }, + { + "name": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08016.html", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08016.html" + }, + { + "name": "4822", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4822" + }, + { + "name": "20081216 Re: [IVIZ-08-016] F-Secure f-prot Antivirus for Linux corrupted ELF header Security Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499305/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5766.json b/2008/5xxx/CVE-2008-5766.json index 0d86f5df5ad..6b757730ccc 100644 --- a/2008/5xxx/CVE-2008-5766.json +++ b/2008/5xxx/CVE-2008-5766.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7487", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7487" - }, - { - "name" : "32858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32858" - }, - { - "name" : "4830", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4830" - }, - { - "name" : "faupload-download-sql-injection(47394)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32858" + }, + { + "name": "7487", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7487" + }, + { + "name": "faupload-download-sql-injection(47394)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47394" + }, + { + "name": "4830", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4830" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5999.json b/2008/5xxx/CVE-2008-5999.json index e5dbaa655de..7b3d5351d88 100644 --- a/2008/5xxx/CVE-2008-5999.json +++ b/2008/5xxx/CVE-2008-5999.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/312968", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/312968" - }, - { - "name" : "32009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32009" - }, - { - "name" : "ajaxchecklist-unspecified-xss(45412)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32009" + }, + { + "name": "http://drupal.org/node/312968", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/312968" + }, + { + "name": "ajaxchecklist-unspecified-xss(45412)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45412" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2132.json b/2011/2xxx/CVE-2011-2132.json index d0d499b41e1..a57d31abf6c 100644 --- a/2011/2xxx/CVE-2011-2132.json +++ b/2011/2xxx/CVE-2011-2132.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before 4.0.3, allows attackers to cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-20.html" - }, - { - "name" : "TA11-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before 4.0.3, allows attackers to cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-20.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2477.json b/2011/2xxx/CVE-2011-2477.json index 3ede69ac85a..b644623722c 100644 --- a/2011/2xxx/CVE-2011-2477.json +++ b/2011/2xxx/CVE-2011-2477.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://dev.icinga.org/issues/1605", - "refsource" : "CONFIRM", - "url" : "https://dev.icinga.org/issues/1605" - }, - { - "name" : "icinga-config-xss(68056)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://dev.icinga.org/issues/1605", + "refsource": "CONFIRM", + "url": "https://dev.icinga.org/issues/1605" + }, + { + "name": "icinga-config-xss(68056)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68056" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2987.json b/2011/2xxx/CVE-2011-2987.json index ca3c8249e1b..58ae6d4f5f5 100644 --- a/2011/2xxx/CVE-2011-2987.json +++ b/2011/2xxx/CVE-2011-2987.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665934", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665934" - }, - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html" - }, - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html" - }, - { - "name" : "SUSE-SA:2011:037", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" - }, - { - "name" : "49226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49226" - }, - { - "name" : "oval:org.mitre.oval:def:14285", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14285" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html" + }, + { + "name": "49226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49226" + }, + { + "name": "SUSE-SA:2011:037", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "oval:org.mitre.oval:def:14285", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14285" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=665934", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665934" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0354.json b/2013/0xxx/CVE-2013-0354.json index 5a2ce29e8f4..5eb2d1e8782 100644 --- a/2013/0xxx/CVE-2013-0354.json +++ b/2013/0xxx/CVE-2013-0354.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Policy Framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Policy Framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0685.json b/2013/0xxx/CVE-2013-0685.json index a97ff606d3a..45678de6b67 100644 --- a/2013/0xxx/CVE-2013-0685.json +++ b/2013/0xxx/CVE-2013-0685.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-0685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-113-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-113-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-113-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-113-01" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1113.json b/2013/1xxx/CVE-2013-1113.json index 24124e5a488..d1ae2b3a238 100644 --- a/2013/1xxx/CVE-2013-1113.json +++ b/2013/1xxx/CVE-2013-1113.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130125 Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1113" - }, - { - "name" : "57567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57567" - }, - { - "name" : "89608", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89608" - }, - { - "name" : "51954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51954" - }, - { - "name" : "cucdm-unspec-xss(81529)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "89608", + "refsource": "OSVDB", + "url": "http://osvdb.org/89608" + }, + { + "name": "57567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57567" + }, + { + "name": "51954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51954" + }, + { + "name": "20130125 Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1113" + }, + { + "name": "cucdm-unspec-xss(81529)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81529" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1326.json b/2013/1xxx/CVE-2013-1326.json index 07d9efa0f3f..2bd87c95e3b 100644 --- a/2013/1xxx/CVE-2013-1326.json +++ b/2013/1xxx/CVE-2013-1326.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1326", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-1326", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1574.json b/2013/1xxx/CVE-2013-1574.json index a833f80256a..5b4db4071c8 100644 --- a/2013/1xxx/CVE-2013-1574.json +++ b/2013/1xxx/CVE-2013-1574.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-bthci_cmd.c?r1=46345&r2=46344&pathrev=46345", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-bthci_cmd.c?r1=46345&r2=46344&pathrev=46345" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46345", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46345" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2013-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2013-01.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8038", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8038" - }, - { - "name" : "openSUSE-SU-2013:0276", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html" - }, - { - "name" : "openSUSE-SU-2013:0285", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html" - }, - { - "name" : "oval:org.mitre.oval:def:16323", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46345", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46345" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2013-01.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2013-01.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8038", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8038" + }, + { + "name": "openSUSE-SU-2013:0285", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html" + }, + { + "name": "oval:org.mitre.oval:def:16323", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16323" + }, + { + "name": "openSUSE-SU-2013:0276", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-bthci_cmd.c?r1=46345&r2=46344&pathrev=46345", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-bthci_cmd.c?r1=46345&r2=46344&pathrev=46345" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1785.json b/2013/1xxx/CVE-2013-1785.json index 733f69f5b45..e35810a9ae9 100644 --- a/2013/1xxx/CVE-2013-1785.json +++ b/2013/1xxx/CVE-2013-1785.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130227 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/28/3" - }, - { - "name" : "http://drupal.org/node/1929508", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1929508" - }, - { - "name" : "http://drupal.org/node/1730752", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1730752" - }, - { - "name" : "http://drupalcode.org/project/responsive.git/commitdiff/1c6fa91", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/responsive.git/commitdiff/1c6fa91" - }, - { - "name" : "http://drupalcode.org/project/responsive.git/commitdiff/6b593ff", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/responsive.git/commitdiff/6b593ff" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1929508", + "refsource": "MISC", + "url": "http://drupal.org/node/1929508" + }, + { + "name": "http://drupalcode.org/project/responsive.git/commitdiff/1c6fa91", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/responsive.git/commitdiff/1c6fa91" + }, + { + "name": "[oss-security] 20130227 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/28/3" + }, + { + "name": "http://drupal.org/node/1730752", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1730752" + }, + { + "name": "http://drupalcode.org/project/responsive.git/commitdiff/6b593ff", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/responsive.git/commitdiff/6b593ff" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3229.json b/2013/3xxx/CVE-2013-3229.json index 1d71235160d..1221d9bebb1 100644 --- a/2013/3xxx/CVE-2013-3229.json +++ b/2013/3xxx/CVE-2013-3229.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20130414 Linux 3.9-rc7", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2013/4/14/107" - }, - { - "name" : "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/14/3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5598bd9c087dc0efc250a5221e5d0e6f584ee88", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5598bd9c087dc0efc250a5221e5d0e6f584ee88" - }, - { - "name" : "https://github.com/torvalds/linux/commit/a5598bd9c087dc0efc250a5221e5d0e6f584ee88", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/a5598bd9c087dc0efc250a5221e5d0e6f584ee88" - }, - { - "name" : "MDVSA-2013:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" - }, - { - "name" : "openSUSE-SU-2013:1187", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" - }, - { - "name" : "openSUSE-SU-2013:1971", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" - }, - { - "name" : "SUSE-SU-2013:1182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html" - }, - { - "name" : "USN-1837-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1837-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5598bd9c087dc0efc250a5221e5d0e6f584ee88", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5598bd9c087dc0efc250a5221e5d0e6f584ee88" + }, + { + "name": "openSUSE-SU-2013:1187", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" + }, + { + "name": "MDVSA-2013:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + }, + { + "name": "USN-1837-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1837-1" + }, + { + "name": "[linux-kernel] 20130414 Linux 3.9-rc7", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2013/4/14/107" + }, + { + "name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/14/3" + }, + { + "name": "https://github.com/torvalds/linux/commit/a5598bd9c087dc0efc250a5221e5d0e6f584ee88", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/a5598bd9c087dc0efc250a5221e5d0e6f584ee88" + }, + { + "name": "openSUSE-SU-2013:1971", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" + }, + { + "name": "SUSE-SU-2013:1182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3373.json b/2013/3xxx/CVE-2013-3373.json index 436d5104866..f89bc30db93 100644 --- a/2013/3xxx/CVE-2013-3373.json +++ b/2013/3xxx/CVE-2013-3373.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20130522 RT 3.8.17 released", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" - }, - { - "name" : "[rt-announce] 20130522 RT 4.0.13 released", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" - }, - { - "name" : "[rt-announce] 20130522 Security vulnerabilities in RT", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" - }, - { - "name" : "DSA-2670", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2670" - }, - { - "name" : "93606", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/93606" - }, - { - "name" : "53505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53505" - }, - { - "name" : "53522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[rt-announce] 20130522 RT 3.8.17 released", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" + }, + { + "name": "[rt-announce] 20130522 Security vulnerabilities in RT", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" + }, + { + "name": "[rt-announce] 20130522 RT 4.0.13 released", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" + }, + { + "name": "93606", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/93606" + }, + { + "name": "53505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53505" + }, + { + "name": "DSA-2670", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2670" + }, + { + "name": "53522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53522" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3378.json b/2013/3xxx/CVE-2013-3378.json index 760e900980d..076df273023 100644 --- a/2013/3xxx/CVE-2013-3378.json +++ b/2013/3xxx/CVE-2013-3378.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (temporary device hang) via crafted SIP packets, aka Bug ID CSCuf89557." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130619 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (temporary device hang) via crafted SIP packets, aka Bug ID CSCuf89557." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130619 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3553.json b/2013/3xxx/CVE-2013-3553.json index b45883d5c2c..0c8dbd6f264 100644 --- a/2013/3xxx/CVE-2013-3553.json +++ b/2013/3xxx/CVE-2013-3553.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.microsoft.com/en-us/security-updates/vulnerabilityresearchadvisories/2013/msvr13-007", - "refsource" : "MISC", - "url" : "https://docs.microsoft.com/en-us/security-updates/vulnerabilityresearchadvisories/2013/msvr13-007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.microsoft.com/en-us/security-updates/vulnerabilityresearchadvisories/2013/msvr13-007", + "refsource": "MISC", + "url": "https://docs.microsoft.com/en-us/security-updates/vulnerabilityresearchadvisories/2013/msvr13-007" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3647.json b/2013/3xxx/CVE-2013-3647.json index adb686ce9ae..867bec2a5af 100644 --- a/2013/3xxx/CVE-2013-3647.json +++ b/2013/3xxx/CVE-2013-3647.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-3647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://live.cybozu.co.jp/trouble.html?q=2530", - "refsource" : "CONFIRM", - "url" : "https://live.cybozu.co.jp/trouble.html?q=2530" - }, - { - "name" : "JVN#19740283", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN19740283/index.html" - }, - { - "name" : "JVNDB-2013-000060", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2013-000060", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000060" + }, + { + "name": "JVN#19740283", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN19740283/index.html" + }, + { + "name": "https://live.cybozu.co.jp/trouble.html?q=2530", + "refsource": "CONFIRM", + "url": "https://live.cybozu.co.jp/trouble.html?q=2530" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4016.json b/2013/4xxx/CVE-2013-4016.json index 79ec4594154..dd34d892d28 100644 --- a/2013/4xxx/CVE-2013-4016.json +++ b/2013/4xxx/CVE-2013-4016.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-4016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" - }, - { - "name" : "IV41871", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" - }, - { - "name" : "ibm-maximo-cve20134016-sqli(85793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" + }, + { + "name": "ibm-maximo-cve20134016-sqli(85793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" + }, + { + "name": "IV41871", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4315.json b/2013/4xxx/CVE-2013-4315.json index 681f5e31709..5e0b51dcab1 100644 --- a/2013/4xxx/CVE-2013-4315.json +++ b/2013/4xxx/CVE-2013-4315.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/" - }, - { - "name" : "DSA-2755", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2755" - }, - { - "name" : "RHSA-2013:1521", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1521.html" - }, - { - "name" : "openSUSE-SU-2013:1541", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html" - }, - { - "name" : "54772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54772" - }, - { - "name" : "54828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1541", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html" + }, + { + "name": "54772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54772" + }, + { + "name": "RHSA-2013:1521", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1521.html" + }, + { + "name": "https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/" + }, + { + "name": "54828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54828" + }, + { + "name": "DSA-2755", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2755" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4783.json b/2013/4xxx/CVE-2013-4783.json index c6ec042580c..7a27fef20bb 100644 --- a/2013/4xxx/CVE-2013-4783.json +++ b/2013/4xxx/CVE-2013-4783.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating \"DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Freeipmi-devel] 20130222 The Infamous Cipher Zero, I presume?", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html" - }, - { - "name" : "ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf", - "refsource" : "MISC", - "url" : "ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf" - }, - { - "name" : "http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx", - "refsource" : "MISC", - "url" : "http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx" - }, - { - "name" : "http://fish2.com/ipmi/cipherzero.html", - "refsource" : "MISC", - "url" : "http://fish2.com/ipmi/cipherzero.html" - }, - { - "name" : "http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero", - "refsource" : "MISC", - "url" : "http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero" - }, - { - "name" : "http://www.wired.com/threatlevel/2013/07/ipmi/", - "refsource" : "MISC", - "url" : "http://www.wired.com/threatlevel/2013/07/ipmi/" - }, - { - "name" : "93039", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/93039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating \"DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx", + "refsource": "MISC", + "url": "http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx" + }, + { + "name": "http://www.wired.com/threatlevel/2013/07/ipmi/", + "refsource": "MISC", + "url": "http://www.wired.com/threatlevel/2013/07/ipmi/" + }, + { + "name": "http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero", + "refsource": "MISC", + "url": "http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero" + }, + { + "name": "93039", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/93039" + }, + { + "name": "ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf", + "refsource": "MISC", + "url": "ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf" + }, + { + "name": "http://fish2.com/ipmi/cipherzero.html", + "refsource": "MISC", + "url": "http://fish2.com/ipmi/cipherzero.html" + }, + { + "name": "[Freeipmi-devel] 20130222 The Infamous Cipher Zero, I presume?", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4844.json b/2013/4xxx/CVE-2013-4844.json index a1e6ae28468..59679ea324b 100644 --- a/2013/4xxx/CVE-2013-4844.json +++ b/2013/4xxx/CVE-2013-4844.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02942", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04026812" - }, - { - "name" : "SSRT101369", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04026812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBGN02942", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04026812" + }, + { + "name": "SSRT101369", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04026812" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12013.json b/2017/12xxx/CVE-2017-12013.json index 1c0fec36ff8..e8a9db01ab6 100644 --- a/2017/12xxx/CVE-2017-12013.json +++ b/2017/12xxx/CVE-2017-12013.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12013", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12013", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12304.json b/2017/12xxx/CVE-2017-12304.json index 34062e8e0f8..e83b82ea595 100644 --- a/2017/12xxx/CVE-2017-12304.json +++ b/2017/12xxx/CVE-2017-12304.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the web-based management interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf60862." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios" - }, - { - "name" : "101856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101856" - }, - { - "name" : "1039825", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the web-based management interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf60862." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101856" + }, + { + "name": "1039825", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039825" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12568.json b/2017/12xxx/CVE-2017-12568.json index c35f3a973c6..c0733cb5e6e 100644 --- a/2017/12xxx/CVE-2017-12568.json +++ b/2017/12xxx/CVE-2017-12568.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/tipilu/53f142466507b2ef4c8ceb08d22d1278", - "refsource" : "MISC", - "url" : "https://gist.github.com/tipilu/53f142466507b2ef4c8ceb08d22d1278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/tipilu/53f142466507b2ef4c8ceb08d22d1278", + "refsource": "MISC", + "url": "https://gist.github.com/tipilu/53f142466507b2ef4c8ceb08d22d1278" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12700.json b/2017/12xxx/CVE-2017-12700.json index f4512d26cc0..0bca434f203 100644 --- a/2017/12xxx/CVE-2017-12700.json +++ b/2017/12xxx/CVE-2017-12700.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12700", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12700", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12893.json b/2017/12xxx/CVE-2017-12893.json index 790d01c70b5..0821295a644 100644 --- a/2017/12xxx/CVE-2017-12893.json +++ b/2017/12xxx/CVE-2017-12893.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/6f5ba2b651cd9d4b7fa8ee5c4f94460645877c45", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/6f5ba2b651cd9d4b7fa8ee5c4f94460645877c45" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/6f5ba2b651cd9d4b7fa8ee5c4f94460645877c45", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/6f5ba2b651cd9d4b7fa8ee5c4f94460645877c45" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12961.json b/2017/12xxx/CVE-2017-12961.json index 417092c0864..fde49598fbb 100644 --- a/2017/12xxx/CVE-2017-12961.json +++ b/2017/12xxx/CVE-2017-12961.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482436", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482436" - }, - { - "name" : "https://savannah.gnu.org/forum/forum.php?forum_id=8936", - "refsource" : "CONFIRM", - "url" : "https://savannah.gnu.org/forum/forum.php?forum_id=8936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1482436", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482436" + }, + { + "name": "https://savannah.gnu.org/forum/forum.php?forum_id=8936", + "refsource": "CONFIRM", + "url": "https://savannah.gnu.org/forum/forum.php?forum_id=8936" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13008.json b/2017/13xxx/CVE-2017-13008.json index 356022b895e..b1f05007060 100644 --- a/2017/13xxx/CVE-2017-13008.json +++ b/2017/13xxx/CVE-2017-13008.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/5edf405d7ed9fc92f4f43e8a3d44baa4c6387562", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/5edf405d7ed9fc92f4f43e8a3d44baa4c6387562" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/5edf405d7ed9fc92f4f43e8a3d44baa4c6387562", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/5edf405d7ed9fc92f4f43e8a3d44baa4c6387562" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13219.json b/2017/13xxx/CVE-2017-13219.json index 7a70dd74b81..699eff41405 100644 --- a/2017/13xxx/CVE-2017-13219.json +++ b/2017/13xxx/CVE-2017-13219.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-13219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-13219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13797.json b/2017/13xxx/CVE-2017-13797.json index a3c8e8958c1..f53ad52643e 100644 --- a/2017/13xxx/CVE-2017-13797.json +++ b/2017/13xxx/CVE-2017-13797.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43168", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43168/" - }, - { - "name" : "https://support.apple.com/HT208219", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208219" - }, - { - "name" : "https://support.apple.com/HT208222", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208222" - }, - { - "name" : "https://support.apple.com/HT208223", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208223" - }, - { - "name" : "https://support.apple.com/HT208224", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208224" - }, - { - "name" : "https://support.apple.com/HT208225", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208225", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208225" + }, + { + "name": "https://support.apple.com/HT208222", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208222" + }, + { + "name": "43168", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43168/" + }, + { + "name": "https://support.apple.com/HT208219", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208219" + }, + { + "name": "https://support.apple.com/HT208224", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208224" + }, + { + "name": "https://support.apple.com/HT208223", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208223" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13840.json b/2017/13xxx/CVE-2017-13840.json index 6f08d76fe7e..51d32809b63 100644 --- a/2017/13xxx/CVE-2017-13840.json +++ b/2017/13xxx/CVE-2017-13840.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "1039710", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "1039710", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039710" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16061.json b/2017/16xxx/CVE-2017-16061.json index 59493b4f2e7..040f52610b8 100644 --- a/2017/16xxx/CVE-2017-16061.json +++ b/2017/16xxx/CVE-2017-16061.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "tkinter node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedded Malicious Code (CWE-506)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tkinter node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/500", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedded Malicious Code (CWE-506)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/500", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/500" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16245.json b/2017/16xxx/CVE-2017-16245.json index c626749c19e..a236fc612f2 100644 --- a/2017/16xxx/CVE-2017-16245.json +++ b/2017/16xxx/CVE-2017-16245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16245", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16245", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16279.json b/2017/16xxx/CVE-2017-16279.json index 15e963a30cd..be9b447c720 100644 --- a/2017/16xxx/CVE-2017-16279.json +++ b/2017/16xxx/CVE-2017-16279.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16279", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16279", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16703.json b/2017/16xxx/CVE-2017-16703.json index 451b1607bc8..42b4f84ee62 100644 --- a/2017/16xxx/CVE-2017-16703.json +++ b/2017/16xxx/CVE-2017-16703.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16703", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16703", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16990.json b/2017/16xxx/CVE-2017-16990.json index 0b9df034d87..35d452458e4 100644 --- a/2017/16xxx/CVE-2017-16990.json +++ b/2017/16xxx/CVE-2017-16990.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16990", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16990", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17085.json b/2017/17xxx/CVE-2017-17085.json index 567bf140bbd..39c55e08dae 100644 --- a/2017/17xxx/CVE-2017-17085.json +++ b/2017/17xxx/CVE-2017-17085.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43233", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43233/" - }, - { - "name" : "[debian-lts-announce] 20171231 [SECURITY] [DLA 1226-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00029.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f5939debe96e3c3953c6020818f1fbb80eb83ce8", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f5939debe96e3c3953c6020818f1fbb80eb83ce8" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-49.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-49.html" - }, - { - "name" : "DSA-4060", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4060" - }, - { - "name" : "102071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4060", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4060" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f5939debe96e3c3953c6020818f1fbb80eb83ce8", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f5939debe96e3c3953c6020818f1fbb80eb83ce8" + }, + { + "name": "43233", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43233/" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-49.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-49.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250" + }, + { + "name": "[debian-lts-announce] 20171231 [SECURITY] [DLA 1226-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00029.html" + }, + { + "name": "102071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102071" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17231.json b/2017/17xxx/CVE-2017-17231.json index b4d8c421b92..0c0acce22b0 100644 --- a/2017/17xxx/CVE-2017-17231.json +++ b/2017/17xxx/CVE-2017-17231.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17231", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17231", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17870.json b/2017/17xxx/CVE-2017-17870.json index 6dd908e5a7f..d2813a4121c 100644 --- a/2017/17xxx/CVE-2017-17870.json +++ b/2017/17xxx/CVE-2017-17870.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43323", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43323/" - }, - { - "name" : "https://vel.joomla.org/vel-blog/2046-jbuildozer-1-4-1-sql-injection", - "refsource" : "MISC", - "url" : "https://vel.joomla.org/vel-blog/2046-jbuildozer-1-4-1-sql-injection" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://vel.joomla.org/vel-blog/2046-jbuildozer-1-4-1-sql-injection", + "refsource": "MISC", + "url": "https://vel.joomla.org/vel-blog/2046-jbuildozer-1-4-1-sql-injection" + }, + { + "name": "43323", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43323/" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4560.json b/2017/4xxx/CVE-2017-4560.json index 7af1e384eeb..b81ba20bb61 100644 --- a/2017/4xxx/CVE-2017-4560.json +++ b/2017/4xxx/CVE-2017-4560.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4560", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4560", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18382.json b/2018/18xxx/CVE-2018-18382.json index d3812859162..927d6d342d9 100644 --- a/2018/18xxx/CVE-2018-18382.json +++ b/2018/18xxx/CVE-2018-18382.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an \"Update Profile\" \"Change Picture\" (aka user/edit-profile) action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45604", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45604/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an \"Update Profile\" \"Change Picture\" (aka user/edit-profile) action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45604", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45604/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18490.json b/2018/18xxx/CVE-2018-18490.json index e5284d2a8d8..7d67445c8c4 100644 --- a/2018/18xxx/CVE-2018-18490.json +++ b/2018/18xxx/CVE-2018-18490.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18490", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18490", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18565.json b/2018/18xxx/CVE-2018-18565.json index 11505b6aa58..83bbe0aa417 100644 --- a/2018/18xxx/CVE-2018-18565.json +++ b/2018/18xxx/CVE-2018-18565.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01" - }, - { - "name" : "105843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01" + }, + { + "name": "105843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105843" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18745.json b/2018/18xxx/CVE-2018-18745.json index dd9f21c3df5..9b4af10c554 100644 --- a/2018/18xxx/CVE-2018-18745.json +++ b/2018/18xxx/CVE-2018-18745.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss5", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss5", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss5" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18997.json b/2018/18xxx/CVE-2018-18997.json index 9b0f31bda0b..6d7f801b5bb 100644 --- a/2018/18xxx/CVE-2018-18997.json +++ b/2018/18xxx/CVE-2018-18997.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-18997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ABB GATE-E1 and GATE-E2", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-Site Scripting') CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-18997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ABB GATE-E1 and GATE-E2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01" - }, - { - "name" : "106247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-Site Scripting') CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01" + }, + { + "name": "106247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106247" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1284.json b/2018/1xxx/CVE-2018-1284.json index 4639e4df9f7..24efcdf0395 100644 --- a/2018/1xxx/CVE-2018-1284.json +++ b/2018/1xxx/CVE-2018-1284.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-04-04T00:00:00", - "ID" : "CVE-2018-1284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Hive", - "version" : { - "version_data" : [ - { - "version_value" : "0.6.0 to 2.3.2" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-04-04T00:00:00", + "ID": "CVE-2018-1284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Hive", + "version": { + "version_data": [ + { + "version_value": "0.6.0 to 2.3.2" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20180404 [SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4@%3Cdev.hive.apache.org%3E" - }, - { - "name" : "103750", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[dev] 20180404 [SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4@%3Cdev.hive.apache.org%3E" + }, + { + "name": "103750", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103750" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1576.json b/2018/1xxx/CVE-2018-1576.json index af2b5b8c861..4eb730681be 100644 --- a/2018/1xxx/CVE-2018-1576.json +++ b/2018/1xxx/CVE-2018-1576.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1576", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1576", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1644.json b/2018/1xxx/CVE-2018-1644.json index 05e9afa6cdf..1bd2f797d36 100644 --- a/2018/1xxx/CVE-2018-1644.json +++ b/2018/1xxx/CVE-2018-1644.json @@ -1,271 +1,271 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-08-23T00:00:00", - "ID" : "CVE-2018-1644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Commerce", - "version" : { - "version_data" : [ - { - "version_value" : "7.0.0.0" - }, - { - "version_value" : "8.0.4.0" - }, - { - "version_value" : "8.0.4.14" - }, - { - "version_value" : "8.0.3.0" - }, - { - "version_value" : "8.0.3.6" - }, - { - "version_value" : "8.0.1.0" - }, - { - "version_value" : "8.0.1.13" - }, - { - "version_value" : "8.0.0.0" - }, - { - "version_value" : "8.0.0.19" - }, - { - "version_value" : "9.0.0.0" - }, - { - "version_value" : "9.0.0.4" - }, - { - "version_value" : "8.0.4.3" - }, - { - "version_value" : "8.0.4.4" - }, - { - "version_value" : "8.0.4.5" - }, - { - "version_value" : "8.0.4.6" - }, - { - "version_value" : "8.0.4.7" - }, - { - "version_value" : "8.0.4.8" - }, - { - "version_value" : "8.0.4.9" - }, - { - "version_value" : "8.0.4.10" - }, - { - "version_value" : "8.0.4.11" - }, - { - "version_value" : "8.0.4.12" - }, - { - "version_value" : "8.0.4.13" - }, - { - "version_value" : "8.0.3.1" - }, - { - "version_value" : "8.0.3.2" - }, - { - "version_value" : "8.0.3.3" - }, - { - "version_value" : "8.0.3.4" - }, - { - "version_value" : "8.0.3.5" - }, - { - "version_value" : "8.0.4.1" - }, - { - "version_value" : "8.0.4.2" - }, - { - "version_value" : "8.0.1.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.0.1.4" - }, - { - "version_value" : "8.0.1.5" - }, - { - "version_value" : "8.0.1.6" - }, - { - "version_value" : "8.0.1.7" - }, - { - "version_value" : "8.0.1.8" - }, - { - "version_value" : "8.0.1.9" - }, - { - "version_value" : "8.0.1.10" - }, - { - "version_value" : "8.0.1.11" - }, - { - "version_value" : "8.0.1.12" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "8.0.0.2" - }, - { - "version_value" : "8.0.0.3" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.0.6" - }, - { - "version_value" : "8.0.0.7" - }, - { - "version_value" : "8.0.0.8" - }, - { - "version_value" : "8.0.0.9" - }, - { - "version_value" : "8.0.0.10" - }, - { - "version_value" : "8.0.0.11" - }, - { - "version_value" : "8.0.0.12" - }, - { - "version_value" : "8.0.0.13" - }, - { - "version_value" : "8.0.0.14" - }, - { - "version_value" : "8.0.0.15" - }, - { - "version_value" : "8.0.0.16" - }, - { - "version_value" : "8.0.0.17" - }, - { - "version_value" : "8.0.0.18" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.0.2" - }, - { - "version_value" : "9.0.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "L", - "S" : "U", - "SCORE" : "3.100", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-08-23T00:00:00", + "ID": "CVE-2018-1644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Commerce", + "version": { + "version_data": [ + { + "version_value": "7.0.0.0" + }, + { + "version_value": "8.0.4.0" + }, + { + "version_value": "8.0.4.14" + }, + { + "version_value": "8.0.3.0" + }, + { + "version_value": "8.0.3.6" + }, + { + "version_value": "8.0.1.0" + }, + { + "version_value": "8.0.1.13" + }, + { + "version_value": "8.0.0.0" + }, + { + "version_value": "8.0.0.19" + }, + { + "version_value": "9.0.0.0" + }, + { + "version_value": "9.0.0.4" + }, + { + "version_value": "8.0.4.3" + }, + { + "version_value": "8.0.4.4" + }, + { + "version_value": "8.0.4.5" + }, + { + "version_value": "8.0.4.6" + }, + { + "version_value": "8.0.4.7" + }, + { + "version_value": "8.0.4.8" + }, + { + "version_value": "8.0.4.9" + }, + { + "version_value": "8.0.4.10" + }, + { + "version_value": "8.0.4.11" + }, + { + "version_value": "8.0.4.12" + }, + { + "version_value": "8.0.4.13" + }, + { + "version_value": "8.0.3.1" + }, + { + "version_value": "8.0.3.2" + }, + { + "version_value": "8.0.3.3" + }, + { + "version_value": "8.0.3.4" + }, + { + "version_value": "8.0.3.5" + }, + { + "version_value": "8.0.4.1" + }, + { + "version_value": "8.0.4.2" + }, + { + "version_value": "8.0.1.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.0.1.4" + }, + { + "version_value": "8.0.1.5" + }, + { + "version_value": "8.0.1.6" + }, + { + "version_value": "8.0.1.7" + }, + { + "version_value": "8.0.1.8" + }, + { + "version_value": "8.0.1.9" + }, + { + "version_value": "8.0.1.10" + }, + { + "version_value": "8.0.1.11" + }, + { + "version_value": "8.0.1.12" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "8.0.0.2" + }, + { + "version_value": "8.0.0.3" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.0.6" + }, + { + "version_value": "8.0.0.7" + }, + { + "version_value": "8.0.0.8" + }, + { + "version_value": "8.0.0.9" + }, + { + "version_value": "8.0.0.10" + }, + { + "version_value": "8.0.0.11" + }, + { + "version_value": "8.0.0.12" + }, + { + "version_value": "8.0.0.13" + }, + { + "version_value": "8.0.0.14" + }, + { + "version_value": "8.0.0.15" + }, + { + "version_value": "8.0.0.16" + }, + { + "version_value": "8.0.0.17" + }, + { + "version_value": "8.0.0.18" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.0.2" + }, + { + "version_value": "9.0.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10728829", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10728829" - }, - { - "name" : "ibm-websphere-cve20181644-info-disc(144589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "L", + "I": "N", + "PR": "L", + "S": "U", + "SCORE": "3.100", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10728829", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10728829" + }, + { + "name": "ibm-websphere-cve20181644-info-disc(144589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144589" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1771.json b/2018/1xxx/CVE-2018-1771.json index 955a1691cbb..077e1ffae5d 100644 --- a/2018/1xxx/CVE-2018-1771.json +++ b/2018/1xxx/CVE-2018-1771.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-18T00:00:00", - "ID" : "CVE-2018-1771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Domino", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "L", - "AV" : "L", - "C" : "H", - "I" : "H", - "PR" : "N", - "S" : "U", - "SCORE" : "8.400", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-12-18T00:00:00", + "ID": "CVE-2018-1771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Domino", + "version": { + "version_data": [ + { + "version_value": "9.0.1" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10743405", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10743405" - }, - { - "name" : "ibm-notes-cve20181771-priv-escalation(148687)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "AV": "L", + "C": "H", + "I": "H", + "PR": "N", + "S": "U", + "SCORE": "8.400", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-notes-cve20181771-priv-escalation(148687)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148687" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10743405", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10743405" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1984.json b/2018/1xxx/CVE-2018-1984.json index c6fe2e155ed..d87ef0b227b 100644 --- a/2018/1xxx/CVE-2018-1984.json +++ b/2018/1xxx/CVE-2018-1984.json @@ -1,115 +1,120 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-03-08T00:00:00", - "ID" : "CVE-2018-1984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Team Concert", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-03-08T00:00:00", + "ID": "CVE-2018-1984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Team Concert", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875364", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875364" - }, - { - "name" : "ibm-rtc-cve20181984-xss(154137)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "107419", + "url": "http://www.securityfocus.com/bid/107419" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875364", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875364" + }, + { + "name": "ibm-rtc-cve20181984-xss(154137)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154137" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5517.json b/2018/5xxx/CVE-2018-5517.json index a1029777b80..f74a25917db 100644 --- a/2018/5xxx/CVE-2018-5517.json +++ b/2018/5xxx/CVE-2018-5517.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2018-04-30T00:00:00", - "ID" : "CVE-2018-5517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)", - "version" : { - "version_data" : [ - { - "version_value" : "13.1.0-13.1.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2018-04-30T00:00:00", + "ID": "CVE-2018-5517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)", + "version": { + "version_data": [ + { + "version_value": "13.1.0-13.1.0.5" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K25573437", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K25573437" - }, - { - "name" : "1040805", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040805", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040805" + }, + { + "name": "https://support.f5.com/csp/article/K25573437", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K25573437" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5862.json b/2018/5xxx/CVE-2018-5862.json index 15ae7b59b87..4aef16508d0 100644 --- a/2018/5xxx/CVE-2018-5862.json +++ b/2018/5xxx/CVE-2018-5862.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-07-02T00:00:00", - "ID" : "CVE-2018-5862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Calculation of Buffer Size in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-07-02T00:00:00", + "ID": "CVE-2018-5862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-07-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=41ad3f76792e08a84962a0b8e9cfb1ba6c4c9ca6", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=41ad3f76792e08a84962a0b8e9cfb1ba6c4c9ca6" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Calculation of Buffer Size in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=41ad3f76792e08a84962a0b8e9cfb1ba6c4c9ca6", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=41ad3f76792e08a84962a0b8e9cfb1ba6c4c9ca6" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-07-01" + } + ] + } +} \ No newline at end of file