diff --git a/2001/0xxx/CVE-2001-0426.json b/2001/0xxx/CVE-2001-0426.json index 47e31aea431..20f48524650 100644 --- a/2001/0xxx/CVE-2001-0426.json +++ b/2001/0xxx/CVE-2001-0426.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0726.json b/2008/0xxx/CVE-2008-0726.json index 27b7ddde446..f8f454ed150 100644 --- a/2008/0xxx/CVE-2008-0726.json +++ b/2008/0xxx/CVE-2008-0726.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080211 ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488000/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html" - }, - { - "name" : "http://www.adobe.com/support/security/advisories/apsa08-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/advisories/apsa08-01.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-13.html" - }, - { - "name" : "GLSA-200803-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-01.xml" - }, - { - "name" : "RHSA-2008:0144", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0144.html" - }, - { - "name" : "239286", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1" - }, - { - "name" : "SUSE-SA:2008:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html" - }, - { - "name" : "oval:org.mitre.oval:def:10957", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10957" - }, - { - "name" : "ADV-2008-1966", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1966/references" - }, - { - "name" : "28983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28983" - }, - { - "name" : "29065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29065" - }, - { - "name" : "29205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29205" - }, - { - "name" : "30840", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2008:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-13.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-13.html" + }, + { + "name": "ADV-2008-1966", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1966/references" + }, + { + "name": "http://www.adobe.com/support/security/advisories/apsa08-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/advisories/apsa08-01.html" + }, + { + "name": "28983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28983" + }, + { + "name": "239286", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1" + }, + { + "name": "20080211 ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488000/100/0/threaded" + }, + { + "name": "GLSA-200803-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-01.xml" + }, + { + "name": "29065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29065" + }, + { + "name": "30840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30840" + }, + { + "name": "29205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29205" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html" + }, + { + "name": "oval:org.mitre.oval:def:10957", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10957" + }, + { + "name": "RHSA-2008:0144", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0144.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0921.json b/2008/0xxx/CVE-2008-0921.json index 7bf612ee1e9..a9fd5025eb5 100644 --- a/2008/0xxx/CVE-2008-0921.json +++ b/2008/0xxx/CVE-2008-0921.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5170", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5170" - }, - { - "name" : "27928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27928" - }, - { - "name" : "29061", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29061", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29061" + }, + { + "name": "27928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27928" + }, + { + "name": "5170", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5170" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0964.json b/2008/0xxx/CVE-2008-0964.json index 3e1364469b4..d8777f2af96 100644 --- a/2008/0xxx/CVE-2008-0964.json +++ b/2008/0xxx/CVE-2008-0964.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080804 Solaris snoop SMB Decoding Multiple Stack Buffer Overflow Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=734" - }, - { - "name" : "6328", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6328" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766935", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766935" - }, - { - "name" : "240101", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240101-1" - }, - { - "name" : "30556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30556" - }, - { - "name" : "oval:org.mitre.oval:def:5318", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5318" - }, - { - "name" : "ADV-2008-2311", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2311" - }, - { - "name" : "1020633", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020633" - }, - { - "name" : "31386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31386" - }, - { - "name" : "31535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31535" - }, - { - "name" : "solaris-snoop1m-bo(44222)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6328", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6328" + }, + { + "name": "20080804 Solaris snoop SMB Decoding Multiple Stack Buffer Overflow Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=734" + }, + { + "name": "240101", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240101-1" + }, + { + "name": "1020633", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020633" + }, + { + "name": "oval:org.mitre.oval:def:5318", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5318" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm" + }, + { + "name": "ADV-2008-2311", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2311" + }, + { + "name": "31535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31535" + }, + { + "name": "31386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31386" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766935", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766935" + }, + { + "name": "solaris-snoop1m-bo(44222)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44222" + }, + { + "name": "30556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30556" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1021.json b/2008/1xxx/CVE-2008-1021.json index 7ab8c80af56..1569719b254 100644 --- a/2008/1xxx/CVE-2008-1021.json +++ b/2008/1xxx/CVE-2008-1021.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080403 ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490462/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-018", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-018" - }, - { - "name" : "http://support.apple.com/kb/HT1241", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT1241" - }, - { - "name" : "TA08-094A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-094A.html" - }, - { - "name" : "28583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28583" - }, - { - "name" : "ADV-2008-1078", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1078" - }, - { - "name" : "1019765", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019765" - }, - { - "name" : "29650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29650" - }, - { - "name" : "quicktime-animation-codec-bo(41612)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT1241", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT1241" + }, + { + "name": "TA08-094A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-094A.html" + }, + { + "name": "ADV-2008-1078", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1078" + }, + { + "name": "28583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28583" + }, + { + "name": "20080403 ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490462/100/0/threaded" + }, + { + "name": "1019765", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019765" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-018", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-018" + }, + { + "name": "quicktime-animation-codec-bo(41612)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41612" + }, + { + "name": "29650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29650" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1057.json b/2008/1xxx/CVE-2008-1057.json index aa267d2ae1d..59ab8ebf492 100644 --- a/2008/1xxx/CVE-2008-1057.json +++ b/2008/1xxx/CVE-2008-1057.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080225 008: RELIABILITY FIX: February 25, 2008", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata42.html#008_ip6rthdr" - }, - { - "name" : "27965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27965" - }, - { - "name" : "ADV-2008-0660", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0660" - }, - { - "name" : "1019496", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019496" - }, - { - "name" : "29078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27965" + }, + { + "name": "29078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29078" + }, + { + "name": "ADV-2008-0660", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0660" + }, + { + "name": "1019496", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019496" + }, + { + "name": "20080225 008: RELIABILITY FIX: February 25, 2008", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata42.html#008_ip6rthdr" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1482.json b/2008/1xxx/CVE-2008-1482.json index b0b2d2090ab..08305962dea 100644 --- a/2008/1xxx/CVE-2008-1482.json +++ b/2008/1xxx/CVE-2008-1482.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080320 Multiple heap overflows in xine-lib 1.1.11", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489894/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/xinehof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/xinehof-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/xinehof.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/xinehof.zip" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=438663", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=438663" - }, - { - "name" : "DSA-1586", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1586" - }, - { - "name" : "FEDORA-2008-2849", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html" - }, - { - "name" : "FEDORA-2008-2945", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" - }, - { - "name" : "GLSA-200808-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-01.xml" - }, - { - "name" : "MDVSA-2008:178", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" - }, - { - "name" : "SSA:2008-092-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.441137" - }, - { - "name" : "SUSE-SR:2008:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" - }, - { - "name" : "USN-635-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-635-1" - }, - { - "name" : "28370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28370" - }, - { - "name" : "30337", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30337" - }, - { - "name" : "ADV-2008-0981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0981/references" - }, - { - "name" : "29484", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29484" - }, - { - "name" : "29600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29600" - }, - { - "name" : "29740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29740" - }, - { - "name" : "29756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29756" - }, - { - "name" : "29622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29622" - }, - { - "name" : "31372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31372" - }, - { - "name" : "31393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31393" - }, - { - "name" : "3769", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3769" - }, - { - "name" : "xinelib-multiple-bo(41350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0981/references" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=438663", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663" + }, + { + "name": "29622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29622" + }, + { + "name": "GLSA-200808-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" + }, + { + "name": "SUSE-SR:2008:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" + }, + { + "name": "3769", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3769" + }, + { + "name": "DSA-1586", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1586" + }, + { + "name": "FEDORA-2008-2945", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" + }, + { + "name": "29484", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29484" + }, + { + "name": "29756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29756" + }, + { + "name": "29600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29600" + }, + { + "name": "29740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29740" + }, + { + "name": "31393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31393" + }, + { + "name": "MDVSA-2008:178", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" + }, + { + "name": "http://aluigi.org/poc/xinehof.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/xinehof.zip" + }, + { + "name": "xinelib-multiple-bo(41350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350" + }, + { + "name": "FEDORA-2008-2849", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html" + }, + { + "name": "SSA:2008-092-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.441137" + }, + { + "name": "28370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28370" + }, + { + "name": "20080320 Multiple heap overflows in xine-lib 1.1.11", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/xinehof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/xinehof-adv.txt" + }, + { + "name": "31372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31372" + }, + { + "name": "USN-635-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-635-1" + }, + { + "name": "30337", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30337" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1910.json b/2008/1xxx/CVE-2008-1910.json index 027ff3640d3..8cd2dd5dfd0 100644 --- a/2008/1xxx/CVE-2008-1910.json +++ b/2008/1xxx/CVE-2008-1910.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080411 Borland InterBase 2007 \"ibserver.exe\" Buffer Overflow Vulnerability POC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490752/100/0/threaded" - }, - { - "name" : "5427", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5427" - }, - { - "name" : "28730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28730" - }, - { - "name" : "1019834", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019834" - }, - { - "name" : "borland-ibserver-bo(41932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080411 Borland InterBase 2007 \"ibserver.exe\" Buffer Overflow Vulnerability POC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490752/100/0/threaded" + }, + { + "name": "borland-ibserver-bo(41932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41932" + }, + { + "name": "5427", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5427" + }, + { + "name": "28730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28730" + }, + { + "name": "1019834", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019834" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5222.json b/2008/5xxx/CVE-2008-5222.json index 64a6744f928..451694b3a56 100644 --- a/2008/5xxx/CVE-2008-5222.json +++ b/2008/5xxx/CVE-2008-5222.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080529 dvbbs8.2(access/sql)version login.asp remote sql injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492753/100/0/threaded" - }, - { - "name" : "29429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29429" - }, - { - "name" : "30455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30455" - }, - { - "name" : "4635", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4635" - }, - { - "name" : "dvbbs-login-sql-injection(42731)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30455" + }, + { + "name": "dvbbs-login-sql-injection(42731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42731" + }, + { + "name": "20080529 dvbbs8.2(access/sql)version login.asp remote sql injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492753/100/0/threaded" + }, + { + "name": "29429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29429" + }, + { + "name": "4635", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4635" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5268.json b/2008/5xxx/CVE-2008-5268.json index c2f3dc4b2bd..02cfc84b7f8 100644 --- a/2008/5xxx/CVE-2008-5268.json +++ b/2008/5xxx/CVE-2008-5268.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080612 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493302/100/0/threaded" - }, - { - "name" : "5775", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5775" - }, - { - "name" : "29631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29631" - }, - { - "name" : "4653", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4653" - }, - { - "name" : "aspportal-reply-sql-injection(42977)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4653", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4653" + }, + { + "name": "5775", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5775" + }, + { + "name": "20080612 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493302/100/0/threaded" + }, + { + "name": "aspportal-reply-sql-injection(42977)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42977" + }, + { + "name": "29631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29631" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5611.json b/2008/5xxx/CVE-2008-5611.json index 8ebf87a5779..79347fe9aae 100644 --- a/2008/5xxx/CVE-2008-5611.json +++ b/2008/5xxx/CVE-2008-5611.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5611", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5611", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5678.json b/2008/5xxx/CVE-2008-5678.json index d65475c1474..dd922a4144a 100644 --- a/2008/5xxx/CVE-2008-5678.json +++ b/2008/5xxx/CVE-2008-5678.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6653", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6653" - }, - { - "name" : "31544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31544" - }, - { - "name" : "4790", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4790" - }, - { - "name" : "olib7webview-infile-file-include(45638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31544" + }, + { + "name": "4790", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4790" + }, + { + "name": "olib7webview-infile-file-include(45638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45638" + }, + { + "name": "6653", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6653" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5764.json b/2008/5xxx/CVE-2008-5764.json index b2f284c3584..779f9116205 100644 --- a/2008/5xxx/CVE-2008-5764.json +++ b/2008/5xxx/CVE-2008-5764.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7481", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7481" - }, - { - "name" : "32849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32849" - }, - { - "name" : "50726", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50726" - }, - { - "name" : "33163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33163" - }, - { - "name" : "4831", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4831" - }, - { - "name" : "worksimple-calendar-file-include(47361)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "worksimple-calendar-file-include(47361)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47361" + }, + { + "name": "7481", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7481" + }, + { + "name": "33163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33163" + }, + { + "name": "50726", + "refsource": "OSVDB", + "url": "http://osvdb.org/50726" + }, + { + "name": "32849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32849" + }, + { + "name": "4831", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4831" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5983.json b/2008/5xxx/CVE-2008-5983.json index 07eadcd2318..fb1a41e8e68 100644 --- a/2008/5xxx/CVE-2008-5983.json +++ b/2008/5xxx/CVE-2008-5983.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-bugs] 20081112 Bug#493937: [Patch] Prevent loading of Python modules in working directory", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg586010.html" - }, - { - "name" : "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd", - "refsource" : "MLIST", - "url" : "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html" - }, - { - "name" : "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/01/26/2" - }, - { - "name" : "[oss-security] 20090128 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/01/28/5" - }, - { - "name" : "[oss-security] 20090130 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/01/30/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=482814", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=482814" - }, - { - "name" : "FEDORA-2010-9652", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html" - }, - { - "name" : "GLSA-200903-41", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-41.xml" - }, - { - "name" : "GLSA-200904-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-06.xml" - }, - { - "name" : "RHSA-2011:0027", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0027.html" - }, - { - "name" : "USN-1596-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1596-1" - }, - { - "name" : "USN-1613-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-2" - }, - { - "name" : "USN-1613-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-1" - }, - { - "name" : "USN-1616-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1616-1" - }, - { - "name" : "34522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34522" - }, - { - "name" : "40194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40194" - }, - { - "name" : "42888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42888" - }, - { - "name" : "50858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50858" - }, - { - "name" : "51024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51024" - }, - { - "name" : "51040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51040" - }, - { - "name" : "51087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51087" - }, - { - "name" : "ADV-2010-1448", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1448" - }, - { - "name" : "ADV-2011-0122", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-bugs] 20081112 Bug#493937: [Patch] Prevent loading of Python modules in working directory", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg586010.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=482814", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=482814" + }, + { + "name": "FEDORA-2010-9652", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html" + }, + { + "name": "51087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51087" + }, + { + "name": "[oss-security] 20090130 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/01/30/2" + }, + { + "name": "USN-1616-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1616-1" + }, + { + "name": "51040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51040" + }, + { + "name": "GLSA-200903-41", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-41.xml" + }, + { + "name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2" + }, + { + "name": "ADV-2010-1448", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1448" + }, + { + "name": "50858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50858" + }, + { + "name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd", + "refsource": "MLIST", + "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html" + }, + { + "name": "GLSA-200904-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-06.xml" + }, + { + "name": "ADV-2011-0122", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0122" + }, + { + "name": "[oss-security] 20090128 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/01/28/5" + }, + { + "name": "34522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34522" + }, + { + "name": "42888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42888" + }, + { + "name": "USN-1596-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1596-1" + }, + { + "name": "40194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40194" + }, + { + "name": "RHSA-2011:0027", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html" + }, + { + "name": "USN-1613-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-2" + }, + { + "name": "51024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51024" + }, + { + "name": "USN-1613-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0054.json b/2013/0xxx/CVE-2013-0054.json index 933b8c64dab..17dafb5f3f8 100644 --- a/2013/0xxx/CVE-2013-0054.json +++ b/2013/0xxx/CVE-2013-0054.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0054", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0054", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0434.json b/2013/0xxx/CVE-2013-0434.json index 48da9ad0466..f2ec1bcab3d 100644 --- a/2013/0xxx/CVE-2013-0434.json +++ b/2013/0xxx/CVE-2013-0434.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02864", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "SSRT101156", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "MDVSA-2013:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" - }, - { - "name" : "RHSA-2013:0236", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" - }, - { - "name" : "RHSA-2013:0237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "RHSA-2013:0245", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0245.html" - }, - { - "name" : "RHSA-2013:0246", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0246.html" - }, - { - "name" : "RHSA-2013:0247", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "openSUSE-SU-2013:0312", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" - }, - { - "name" : "openSUSE-SU-2013:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" - }, - { - "name" : "SUSE-SU-2013:0478", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "57730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57730" - }, - { - "name" : "oval:org.mitre.oval:def:16528", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16528" - }, - { - "name" : "oval:org.mitre.oval:def:19272", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19272" - }, - { - "name" : "oval:org.mitre.oval:def:19430", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19430" - }, - { - "name" : "oval:org.mitre.oval:def:19505", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "MDVSA-2013:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" + }, + { + "name": "SSRT101156", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "RHSA-2013:0236", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html" + }, + { + "name": "oval:org.mitre.oval:def:19430", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19430" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "SUSE-SU-2013:0478", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "RHSA-2013:0247", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html" + }, + { + "name": "oval:org.mitre.oval:def:16528", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16528" + }, + { + "name": "oval:org.mitre.oval:def:19505", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19505" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "57730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57730" + }, + { + "name": "openSUSE-SU-2013:0312", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" + }, + { + "name": "oval:org.mitre.oval:def:19272", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19272" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b" + }, + { + "name": "openSUSE-SU-2013:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" + }, + { + "name": "RHSA-2013:0246", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0246.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "HPSBUX02864", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "RHSA-2013:0245", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0245.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0599.json b/2013/0xxx/CVE-2013-0599.json index 626ab54affb..f367d2988b4 100644 --- a/2013/0xxx/CVE-2013-0599.json +++ b/2013/0xxx/CVE-2013-0599.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21637151", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21637151" - }, - { - "name" : "60107", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60107" - }, - { - "name" : "ibm-iehs-cve20130599-info-disclosure(83613)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60107", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60107" + }, + { + "name": "ibm-iehs-cve20130599-info-disclosure(83613)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83613" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21637151", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637151" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0631.json b/2013/0xxx/CVE-2013-0631.json index 88d848df025..b1b5bb0ead9 100644 --- a/2013/0xxx/CVE-2013-0631.json +++ b/2013/0xxx/CVE-2013-0631.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-0631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/advisories/apsa13-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/advisories/apsa13-01.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-03.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" + }, + { + "name": "http://www.adobe.com/support/security/advisories/apsa13-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0744.json b/2013/0xxx/CVE-2013-0744.json index aff71740ce8..843878f8611 100644 --- a/2013/0xxx/CVE-2013-0744.json +++ b/2013/0xxx/CVE-2013-0744.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-05.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814713", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814713" - }, - { - "name" : "RHSA-2013:0144", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0144.html" - }, - { - "name" : "RHSA-2013:0145", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0145.html" - }, - { - "name" : "SUSE-SU-2013:0048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" - }, - { - "name" : "SUSE-SU-2013:0049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0131", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:0149", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" - }, - { - "name" : "USN-1681-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-1" - }, - { - "name" : "USN-1681-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-2" - }, - { - "name" : "USN-1681-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-4" - }, - { - "name" : "oval:org.mitre.oval:def:17007", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17007", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007" + }, + { + "name": "SUSE-SU-2013:0048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" + }, + { + "name": "openSUSE-SU-2013:0131", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" + }, + { + "name": "RHSA-2013:0145", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" + }, + { + "name": "USN-1681-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-4" + }, + { + "name": "RHSA-2013:0144", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=814713", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814713" + }, + { + "name": "SUSE-SU-2013:0049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" + }, + { + "name": "USN-1681-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-05.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-05.html" + }, + { + "name": "openSUSE-SU-2013:0149", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" + }, + { + "name": "USN-1681-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-2" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0749.json b/2013/0xxx/CVE-2013-0749.json index d7fe9d15e1d..f465d402429 100644 --- a/2013/0xxx/CVE-2013-0749.json +++ b/2013/0xxx/CVE-2013-0749.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785358", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785358" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=794426", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=794426" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=805745", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=805745" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=805814", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=805814" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=808481", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=808481" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=812847", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=812847" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814407", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814407" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814839", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814839" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=816994", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=816994" - }, - { - "name" : "http://www.palemoon.org/releasenotes-ng.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.palemoon.org/releasenotes-ng.shtml" - }, - { - "name" : "SUSE-SU-2013:0048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" - }, - { - "name" : "SUSE-SU-2013:0049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0131", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:0149", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" - }, - { - "name" : "USN-1681-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-1" - }, - { - "name" : "USN-1681-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-2" - }, - { - "name" : "USN-1681-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-4" - }, - { - "name" : "oval:org.mitre.oval:def:16953", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839" + }, + { + "name": "SUSE-SU-2013:0048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" + }, + { + "name": "openSUSE-SU-2013:0131", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" + }, + { + "name": "http://www.palemoon.org/releasenotes-ng.shtml", + "refsource": "CONFIRM", + "url": "http://www.palemoon.org/releasenotes-ng.shtml" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html" + }, + { + "name": "USN-1681-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-4" + }, + { + "name": "SUSE-SU-2013:0049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" + }, + { + "name": "USN-1681-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847" + }, + { + "name": "openSUSE-SU-2013:0149", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745" + }, + { + "name": "USN-1681-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-2" + }, + { + "name": "oval:org.mitre.oval:def:16953", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3024.json b/2013/3xxx/CVE-2013-3024.json index dea78b2e95d..2c7ce572305 100644 --- a/2013/3xxx/CVE-2013-3024.json +++ b/2013/3xxx/CVE-2013-3024.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?&uid=swg21639553", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?&uid=swg21639553" - }, - { - "name" : "was-cve20133024-priv-escalation(84362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "was-cve20133024-priv-escalation(84362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84362" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?&uid=swg21639553", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?&uid=swg21639553" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3241.json b/2013/3xxx/CVE-2013-3241.json index 803c25b14b6..30379cf2597 100644 --- a/2013/3xxx/CVE-2013-3241.json +++ b/2013/3xxx/CVE-2013-3241.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130424 [waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130424 [waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3621.json b/2013/3xxx/CVE-2013-3621.json index fa558c7a2a7..6c3a908ee5b 100644 --- a/2013/3xxx/CVE-2013-3621.json +++ b/2013/3xxx/CVE-2013-3621.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3621", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3621", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4386.json b/2013/4xxx/CVE-2013-4386.json index 35e7e8a86d6..efff6007c4e 100644 --- a/2013/4xxx/CVE-2013-4386.json +++ b/2013/4xxx/CVE-2013-4386.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.theforeman.org/issues/3160", - "refsource" : "CONFIRM", - "url" : "http://projects.theforeman.org/issues/3160" - }, - { - "name" : "https://groups.google.com/forum/#!topic/foreman-announce/GKMNXM66Z84", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/foreman-announce/GKMNXM66Z84" - }, - { - "name" : "RHSA-2013:1522", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1522.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!topic/foreman-announce/GKMNXM66Z84", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/foreman-announce/GKMNXM66Z84" + }, + { + "name": "http://projects.theforeman.org/issues/3160", + "refsource": "CONFIRM", + "url": "http://projects.theforeman.org/issues/3160" + }, + { + "name": "RHSA-2013:1522", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1522.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4388.json b/2013/4xxx/CVE-2013-4388.json index b306302ab81..1163a1d0c2d 100644 --- a/2013/4xxx/CVE-2013-4388.json +++ b/2013/4xxx/CVE-2013-4388.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130930 Re: CVE request: VLC", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/01/2" - }, - { - "name" : "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e" - }, - { - "name" : "http://www.videolan.org/developers/vlc-branch/NEWS", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/developers/vlc-branch/NEWS" - }, - { - "name" : "62724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62724" - }, - { - "name" : "oval:org.mitre.oval:def:18086", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086" - }, - { - "name" : "1029120", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029120" - }, - { - "name" : "59793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:18086", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086" + }, + { + "name": "59793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59793" + }, + { + "name": "http://www.videolan.org/developers/vlc-branch/NEWS", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/developers/vlc-branch/NEWS" + }, + { + "name": "62724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62724" + }, + { + "name": "[oss-security] 20130930 Re: CVE request: VLC", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/01/2" + }, + { + "name": "1029120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029120" + }, + { + "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4562.json b/2013/4xxx/CVE-2013-4562.json index 436af9f7054..a3adc8f4e3d 100644 --- a/2013/4xxx/CVE-2013-4562.json +++ b/2013/4xxx/CVE-2013-4562.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131112 CVE request: rubygem omniauth-facebook CSRF vurnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/264" - }, - { - "name" : "[oss-security] 20131112 Re: Re: CVE request: rubygem omniauth-facebook CSRF vurnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/267" - }, - { - "name" : "[ruby-security-ann] 20131114 [CVE-2013-4562] RubyGem omniauth-facebook CSRF vulnerability", - "refsource" : "MLIST", - "url" : "https://groups.google.com/d/msg/ruby-security-ann/-tJHNlTiPh4/9SJxdEWLIawJ" - }, - { - "name" : "http://osvdb.org/ref/99/omniauth-facebook_gem.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/99/omniauth-facebook_gem.txt" - }, - { - "name" : "https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7", - "refsource" : "CONFIRM", - "url" : "https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7" - }, - { - "name" : "99693", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/99693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131112 CVE request: rubygem omniauth-facebook CSRF vurnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/264" + }, + { + "name": "99693", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/99693" + }, + { + "name": "https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7", + "refsource": "CONFIRM", + "url": "https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7" + }, + { + "name": "[ruby-security-ann] 20131114 [CVE-2013-4562] RubyGem omniauth-facebook CSRF vulnerability", + "refsource": "MLIST", + "url": "https://groups.google.com/d/msg/ruby-security-ann/-tJHNlTiPh4/9SJxdEWLIawJ" + }, + { + "name": "http://osvdb.org/ref/99/omniauth-facebook_gem.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/99/omniauth-facebook_gem.txt" + }, + { + "name": "[oss-security] 20131112 Re: Re: CVE request: rubygem omniauth-facebook CSRF vurnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/267" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4835.json b/2013/4xxx/CVE-2013-4835.json index 2bbb8e473af..405777d6488 100644 --- a/2013/4xxx/CVE-2013-4835.json +++ b/2013/4xxx/CVE-2013-4835.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30473", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30473" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435" - }, - { - "name" : "HPSBMU02933", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435" - }, - { - "name" : "SSRT101126", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101126", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435" + }, + { + "name": "30473", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30473" + }, + { + "name": "HPSBMU02933", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4932.json b/2013/4xxx/CVE-2013-4932.json index 8db80913b43..8b6e4eebce5 100644 --- a/2013/4xxx/CVE-2013-4932.json +++ b/2013/4xxx/CVE-2013-4932.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_common.c?r1=50672&r2=50671&pathrev=50672", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_common.c?r1=50672&r2=50671&pathrev=50672" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50672", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50672" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8940", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8940" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2013-50.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2013-50.html" - }, - { - "name" : "DSA-2734", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2734" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "RHSA-2014:0341", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0341.html" - }, - { - "name" : "openSUSE-SU-2013:1295", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html" - }, - { - "name" : "openSUSE-SU-2013:1300", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html" - }, - { - "name" : "oval:org.mitre.oval:def:17260", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17260" - }, - { - "name" : "54178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54178" - }, - { - "name" : "54371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54371" - }, - { - "name" : "54296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54296" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54371" + }, + { + "name": "openSUSE-SU-2013:1300", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50672", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50672" + }, + { + "name": "54178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54178" + }, + { + "name": "RHSA-2014:0341", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "DSA-2734", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2734" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_common.c?r1=50672&r2=50671&pathrev=50672", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_common.c?r1=50672&r2=50671&pathrev=50672" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "oval:org.mitre.oval:def:17260", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17260" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2013-50.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2013-50.html" + }, + { + "name": "openSUSE-SU-2013:1295", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html" + }, + { + "name": "54296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54296" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8940", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8940" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7203.json b/2013/7xxx/CVE-2013-7203.json index 7db25fa76fc..5e92e63150b 100644 --- a/2013/7xxx/CVE-2013-7203.json +++ b/2013/7xxx/CVE-2013-7203.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2013-7203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131223 Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3", - "refsource" : "MLIST", - "url" : "https://marc.info/?l=oss-security&m=138783069700756&w=2" - }, - { - "name" : "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html", - "refsource" : "CONFIRM", - "url" : "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html" - }, - { - "name" : "FEDORA-2013-23953", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125611.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html", + "refsource": "CONFIRM", + "url": "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html" + }, + { + "name": "FEDORA-2013-23953", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125611.html" + }, + { + "name": "[oss-security] 20131223 Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3", + "refsource": "MLIST", + "url": "https://marc.info/?l=oss-security&m=138783069700756&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7426.json b/2013/7xxx/CVE-2013-7426.json index 11b06776a02..9316e957751 100644 --- a/2013/7xxx/CVE-2013-7426.json +++ b/2013/7xxx/CVE-2013-7426.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150212 Re: kamailio: multiple /tmp file vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/12/7" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712083", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712083" - }, - { - "name" : "100537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150212 Re: kamailio: multiple /tmp file vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/12/7" + }, + { + "name": "100537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100537" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712083", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712083" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10316.json b/2017/10xxx/CVE-2017-10316.json index 530124b0400..6b64cf43555 100644 --- a/2017/10xxx/CVE-2017-10316.json +++ b/2017/10xxx/CVE-2017-10316.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Suite8", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.10.1" - }, - { - "version_affected" : "=", - "version_value" : "8.10.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Suite8", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.10.1" + }, + { + "version_affected": "=", + "version_value": "8.10.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101346" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10751.json b/2017/10xxx/CVE-2017-10751.json index a84a3fe3e6e..d9f9b8d540d 100644 --- a/2017/10xxx/CVE-2017-10751.json +++ b/2017/10xxx/CVE-2017-10751.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12563.json b/2017/12xxx/CVE-2017-12563.json index 293b52b4f52..1ca90865e81 100644 --- a/2017/12xxx/CVE-2017-12563.json +++ b/2017/12xxx/CVE-2017-12563.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/599", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/599" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - }, - { - "name" : "100153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/599", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/599" + }, + { + "name": "100153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100153" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12619.json b/2017/12xxx/CVE-2017-12619.json index 03d009113d1..a330853180a 100644 --- a/2017/12xxx/CVE-2017-12619.json +++ b/2017/12xxx/CVE-2017-12619.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12619", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12619", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12850.json b/2017/12xxx/CVE-2017-12850.json index 7cd5a5934d8..f4d64454971 100644 --- a/2017/12xxx/CVE-2017-12850.json +++ b/2017/12xxx/CVE-2017-12850.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae", - "refsource" : "CONFIRM", - "url" : "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae" - }, - { - "name" : "100352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae", + "refsource": "CONFIRM", + "url": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae" + }, + { + "name": "100352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100352" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12876.json b/2017/12xxx/CVE-2017-12876.json index 3f97b3eefa5..426da53a2ef 100644 --- a/2017/12xxx/CVE-2017-12876.json +++ b/2017/12xxx/CVE-2017-12876.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170816 imagemagick: heap-based buffer overflow in .omp_outlined..32 (enhance.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/08/16/3" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e" - }, - { - "name" : "GLSA-201711-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-07" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/" + }, + { + "name": "[oss-security] 20170816 imagemagick: heap-based buffer overflow in .omp_outlined..32 (enhance.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/08/16/3" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e" + }, + { + "name": "GLSA-201711-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-07" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13141.json b/2017/13xxx/CVE-2017-13141.json index a3df5289813..3f29c848bc4 100644 --- a/2017/13xxx/CVE-2017-13141.json +++ b/2017/13xxx/CVE-2017-13141.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/600", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/600" - }, - { - "name" : "DSA-4019", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4019" - }, - { - "name" : "GLSA-201711-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-07" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201711-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-07" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/600", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/600" + }, + { + "name": "DSA-4019", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4019" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13664.json b/2017/13xxx/CVE-2017-13664.json index bc6a36b26ce..9ea7bd887d7 100644 --- a/2017/13xxx/CVE-2017-13664.json +++ b/2017/13xxx/CVE-2017-13664.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/", - "refsource" : "MISC", - "url" : "https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/", + "refsource": "MISC", + "url": "https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13789.json b/2017/13xxx/CVE-2017-13789.json index 6b072635187..39278a1c69a 100644 --- a/2017/13xxx/CVE-2017-13789.json +++ b/2017/13xxx/CVE-2017-13789.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208223", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208223" - }, - { - "name" : "1039706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039706" + }, + { + "name": "https://support.apple.com/HT208223", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208223" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16326.json b/2017/16xxx/CVE-2017-16326.json index 5164e292ab7..d755206a62d 100644 --- a/2017/16xxx/CVE-2017-16326.json +++ b/2017/16xxx/CVE-2017-16326.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16326", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16326", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16852.json b/2017/16xxx/CVE-2017-16852.json index 5dbdfe91be2..0731d35996f 100644 --- a/2017/16xxx/CVE-2017-16852.json +++ b/2017/16xxx/CVE-2017-16852.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171118 [SECURITY] [DLA 1179-1] shibboleth-sp2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00025.html" - }, - { - "name" : "https://bugs.debian.org/881857", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/881857" - }, - { - "name" : "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16", - "refsource" : "CONFIRM", - "url" : "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16" - }, - { - "name" : "https://shibboleth.net/community/advisories/secadv_20171115.txt", - "refsource" : "CONFIRM", - "url" : "https://shibboleth.net/community/advisories/secadv_20171115.txt" - }, - { - "name" : "DSA-4038", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/881857", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/881857" + }, + { + "name": "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16", + "refsource": "CONFIRM", + "url": "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16" + }, + { + "name": "https://shibboleth.net/community/advisories/secadv_20171115.txt", + "refsource": "CONFIRM", + "url": "https://shibboleth.net/community/advisories/secadv_20171115.txt" + }, + { + "name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1179-1] shibboleth-sp2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00025.html" + }, + { + "name": "DSA-4038", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4038" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17006.json b/2017/17xxx/CVE-2017-17006.json index a4aedf4e03f..554afec30ce 100644 --- a/2017/17xxx/CVE-2017-17006.json +++ b/2017/17xxx/CVE-2017-17006.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17006", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17006", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17112.json b/2017/17xxx/CVE-2017-17112.json index b43cd8ee8cb..c297ced0108 100644 --- a/2017/17xxx/CVE-2017-17112.json +++ b/2017/17xxx/CVE-2017-17112.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Pool_Corruption_1", - "refsource" : "MISC", - "url" : "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Pool_Corruption_1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Pool_Corruption_1", + "refsource": "MISC", + "url": "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Pool_Corruption_1" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17268.json b/2017/17xxx/CVE-2017-17268.json index 0623dc87b40..7f97ad3f8af 100644 --- a/2017/17xxx/CVE-2017-17268.json +++ b/2017/17xxx/CVE-2017-17268.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17268", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17268", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17762.json b/2017/17xxx/CVE-2017-17762.json index db2ee240f37..973c16c051d 100644 --- a/2017/17xxx/CVE-2017-17762.json +++ b/2017/17xxx/CVE-2017-17762.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/jonaslejon/5f92779848360a1a1e676af0795bd9aa", - "refsource" : "MISC", - "url" : "https://gist.github.com/jonaslejon/5f92779848360a1a1e676af0795bd9aa" - }, - { - "name" : "https://kryptera.se/sarbarhet-i-episerver/", - "refsource" : "MISC", - "url" : "https://kryptera.se/sarbarhet-i-episerver/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/jonaslejon/5f92779848360a1a1e676af0795bd9aa", + "refsource": "MISC", + "url": "https://gist.github.com/jonaslejon/5f92779848360a1a1e676af0795bd9aa" + }, + { + "name": "https://kryptera.se/sarbarhet-i-episerver/", + "refsource": "MISC", + "url": "https://kryptera.se/sarbarhet-i-episerver/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17932.json b/2017/17xxx/CVE-2017-17932.json index d93ba339bfa..08fcb4898b5 100644 --- a/2017/17xxx/CVE-2017-17932.json +++ b/2017/17xxx/CVE-2017-17932.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43406", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43406/" - }, - { - "name" : "43407", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43407/" - }, - { - "name" : "43523", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43523/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43523", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43523/" + }, + { + "name": "43407", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43407/" + }, + { + "name": "43406", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43406/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18742.json b/2018/18xxx/CVE-2018-18742.json index b67cef8610a..d5981486b4f 100644 --- a/2018/18xxx/CVE-2018-18742.json +++ b/2018/18xxx/CVE-2018-18742.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/SEMCMS/blob/master/CSRF.md", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/SEMCMS/blob/master/CSRF.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/SEMCMS/blob/master/CSRF.md", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/SEMCMS/blob/master/CSRF.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18842.json b/2018/18xxx/CVE-2018-18842.json index a1eafbc7e8f..87a1be03924 100644 --- a/2018/18xxx/CVE-2018-18842.json +++ b/2018/18xxx/CVE-2018-18842.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zblogcn/zblogphp/files/2524853/CSRF.Vulnerability.exists.in.the.file.of.Z-BLOG.1.5.2.1935.docx", - "refsource" : "MISC", - "url" : "https://github.com/zblogcn/zblogphp/files/2524853/CSRF.Vulnerability.exists.in.the.file.of.Z-BLOG.1.5.2.1935.docx" - }, - { - "name" : "https://github.com/zblogcn/zblogphp/issues/201", - "refsource" : "MISC", - "url" : "https://github.com/zblogcn/zblogphp/issues/201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zblogcn/zblogphp/files/2524853/CSRF.Vulnerability.exists.in.the.file.of.Z-BLOG.1.5.2.1935.docx", + "refsource": "MISC", + "url": "https://github.com/zblogcn/zblogphp/files/2524853/CSRF.Vulnerability.exists.in.the.file.of.Z-BLOG.1.5.2.1935.docx" + }, + { + "name": "https://github.com/zblogcn/zblogphp/issues/201", + "refsource": "MISC", + "url": "https://github.com/zblogcn/zblogphp/issues/201" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19407.json b/2018/19xxx/CVE-2018-19407.json index c26cefbc314..cc2e8d63e42 100644 --- a/2018/19xxx/CVE-2018-19407.json +++ b/2018/19xxx/CVE-2018-19407.json @@ -1,112 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lkml.org/lkml/2018/11/20/580", - "refsource" : "MISC", - "url" : "https://lkml.org/lkml/2018/11/20/580" - }, - { - "name" : "USN-3871-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-1/" - }, - { - "name" : "USN-3872-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3872-1/" - }, - { - "name" : "USN-3871-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-3/" - }, - { - "name" : "USN-3871-4", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-4/" - }, - { - "name" : "USN-3878-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3878-1/" - }, - { - "name" : "USN-3879-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3879-1/" - }, - { - "name" : "USN-3879-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3879-2/" - }, - { - "name" : "USN-3871-5", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-5/" - }, - { - "name" : "USN-3878-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3878-2/" - }, - { - "name" : "105987", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3879-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3879-2/" + }, + { + "name": "USN-3872-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3872-1/" + }, + { + "name": "USN-3878-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3878-1/" + }, + { + "name": "USN-3879-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3879-1/" + }, + { + "name": "USN-3871-5", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-5/" + }, + { + "name": "USN-3878-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3878-2/" + }, + { + "name": "USN-3871-4", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-4/" + }, + { + "name": "105987", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105987" + }, + { + "name": "USN-3871-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-1/" + }, + { + "name": "USN-3871-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-3/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + }, + { + "name": "https://lkml.org/lkml/2018/11/20/580", + "refsource": "MISC", + "url": "https://lkml.org/lkml/2018/11/20/580" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19505.json b/2018/19xxx/CVE-2018-19505.json index d52bdb3fcf7..e73dff1b58e 100644 --- a/2018/19xxx/CVE-2018-19505.json +++ b/2018/19xxx/CVE-2018-19505.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181127 CVE-2018-19505 - Impersonation may lead to incorrect user context in Remedy AR System Server in BMC Remedy 7.1", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Nov/62" - }, - { - "name" : "http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html" - }, - { - "name" : "1042177", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042177", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042177" + }, + { + "name": "http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html" + }, + { + "name": "20181127 CVE-2018-19505 - Impersonation may lead to incorrect user context in Remedy AR System Server in BMC Remedy 7.1", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Nov/62" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19531.json b/2018/19xxx/CVE-2018-19531.json index bbdc14cf380..22a080d8796 100644 --- a/2018/19xxx/CVE-2018-19531.json +++ b/2018/19xxx/CVE-2018-19531.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/httl/httl/issues/224", - "refsource" : "MISC", - "url" : "https://github.com/httl/httl/issues/224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/httl/httl/issues/224", + "refsource": "MISC", + "url": "https://github.com/httl/httl/issues/224" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19637.json b/2018/19xxx/CVE-2018-19637.json index 59a8b6deee2..1a02bfd6823 100644 --- a/2018/19xxx/CVE-2018-19637.json +++ b/2018/19xxx/CVE-2018-19637.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.de", - "DATE_PUBLIC" : "2019-02-21T00:00:00.000Z", - "ID" : "CVE-2018-19637", - "STATE" : "PUBLIC", - "TITLE" : "Static temporary filename allows overwriting of files" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "supportutils", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "3.1-5.7.1" - } - ] - } - } - ] - }, - "vendor_name" : "SUSE" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Vítězslav Čížek of SUSE" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection" - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 2.8, - "baseSeverity" : "LOW", - "confidentialityImpact" : "NONE", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-377" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-02-21T00:00:00.000Z", + "ID": "CVE-2018-19637", + "STATE": "PUBLIC", + "TITLE": "Static temporary filename allows overwriting of files" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "supportutils", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "3.1-5.7.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1117776", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1117776" - } - ] - }, - "source" : { - "advisory" : "https://bugzilla.suse.com/show_bug.cgi?id=1117776", - "defect" : [ - "1117776" - ], - "discovery" : "INTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "V\u00edt\u011bzslav \u010c\u00ed\u017eek of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.8, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-377" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1117776", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1117776" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1117776", + "defect": [ + "1117776" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1144.json b/2018/1xxx/CVE-2018-1144.json index 05513e36796..3987e65fede 100644 --- a/2018/1xxx/CVE-2018-1144.json +++ b/2018/1xxx/CVE-2018-1144.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-04-16T00:00:00", - "ID" : "CVE-2018-1144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "N750 DB Wi-Fi Dual-Band N+ Gigabit Router (F9K1103)", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware 1.10.22?" - } - ] - } - } - ] - }, - "vendor_name" : "Belkin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-04-16T00:00:00", + "ID": "CVE-2018-1144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "N750 DB Wi-Fi Dual-Band N+ Gigabit Router (F9K1103)", + "version": { + "version_data": [ + { + "version_value": "Firmware 1.10.22?" + } + ] + } + } + ] + }, + "vendor_name": "Belkin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-08", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-08" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2018-08", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-08" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1196.json b/2018/1xxx/CVE-2018-1196.json index 39ca8944983..669896de63b 100644 --- a/2018/1xxx/CVE-2018-1196.json +++ b/2018/1xxx/CVE-2018-1196.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-01-30T00:00:00", - "ID" : "CVE-2018-1196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spring Boot", - "version" : { - "version_data" : [ - { - "version_value" : "1.5.0 - 1.5.9" - }, - { - "version_value" : "2.0.0.M1 - 2.0.0.M7" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the \"run_user\" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the \"run_user\" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-01-30T00:00:00", + "ID": "CVE-2018-1196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Boot", + "version": { + "version_data": [ + { + "version_value": "1.5.0 - 1.5.9" + }, + { + "version_value": "2.0.0.M1 - 2.0.0.M7" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2018-1196", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2018-1196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the \"run_user\" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the \"run_user\" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2018-1196", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-1196" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1671.json b/2018/1xxx/CVE-2018-1671.json index 2d00f3b35cf..104b9b5b22f 100644 --- a/2018/1xxx/CVE-2018-1671.json +++ b/2018/1xxx/CVE-2018-1671.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2018-1671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10739019", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10739019" - }, - { - "name" : "106202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106202" - }, - { - "name" : "ibm-curam-cve20181671-html-injection(144951)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10739019", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739019" + }, + { + "name": "ibm-curam-cve20181671-html-injection(144951)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144951" + }, + { + "name": "106202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106202" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1802.json b/2018/1xxx/CVE-2018-1802.json index abf7a483ac0..30f74baf4b0 100644 --- a/2018/1xxx/CVE-2018-1802.json +++ b/2018/1xxx/CVE-2018-1802.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-11-07T00:00:00", - "ID" : "CVE-2018-1802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DB2 for Linux, UNIX and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "9.7" - }, - { - "version_value" : "11.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "L", - "AV" : "L", - "C" : "H", - "I" : "H", - "PR" : "N", - "S" : "U", - "SCORE" : "8.400", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-11-07T00:00:00", + "ID": "CVE-2018-1802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DB2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_value": "10.5" + }, + { + "version_value": "10.1" + }, + { + "version_value": "9.7" + }, + { + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733122", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733122" - }, - { - "name" : "105962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105962" - }, - { - "name" : "1042082", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042082" - }, - { - "name" : "ibm-db2-cve20181802-priv-escalation(149640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "AV": "L", + "C": "H", + "I": "H", + "PR": "N", + "S": "U", + "SCORE": "8.400", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105962" + }, + { + "name": "ibm-db2-cve20181802-priv-escalation(149640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149640" + }, + { + "name": "1042082", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042082" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733122", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733122" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5040.json b/2018/5xxx/CVE-2018-5040.json index 905d3e5f31e..e7e91438d39 100644 --- a/2018/5xxx/CVE-2018-5040.json +++ b/2018/5xxx/CVE-2018-5040.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5525.json b/2018/5xxx/CVE-2018-5525.json index b68dd00431b..4580859c12b 100644 --- a/2018/5xxx/CVE-2018-5525.json +++ b/2018/5xxx/CVE-2018-5525.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2018-05-30T00:00:00", - "ID" : "CVE-2018-5525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0" - }, - { - "version_value" : "12.1.0-12.1.2" - }, - { - "version_value" : "11.6.1-11.6.3.1" - }, - { - "version_value" : "11.5.1-11.5.5" - }, - { - "version_value" : "11.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data leak" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2018-05-30T00:00:00", + "ID": "CVE-2018-5525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", + "version": { + "version_data": [ + { + "version_value": "13.0.0" + }, + { + "version_value": "12.1.0-12.1.2" + }, + { + "version_value": "11.6.1-11.6.3.1" + }, + { + "version_value": "11.5.1-11.5.5" + }, + { + "version_value": "11.2.1" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K00363258", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K00363258" - }, - { - "name" : "1041018", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K00363258", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K00363258" + }, + { + "name": "1041018", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041018" + } + ] + } +} \ No newline at end of file