From c7f81bfaac4830a10973670d2ee1fb056265fceb Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 02:55:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2001/0xxx/CVE-2001-0576.json | 140 +++++++-------
 2001/0xxx/CVE-2001-0739.json | 140 +++++++-------
 2001/0xxx/CVE-2001-0923.json | 150 +++++++--------
 2008/0xxx/CVE-2008-0127.json | 220 +++++++++++-----------
 2008/1xxx/CVE-2008-1222.json | 170 ++++++++---------
 2008/1xxx/CVE-2008-1955.json | 140 +++++++-------
 2008/5xxx/CVE-2008-5189.json | 160 ++++++++--------
 2008/5xxx/CVE-2008-5394.json | 230 +++++++++++------------
 2008/5xxx/CVE-2008-5540.json | 150 +++++++--------
 2008/5xxx/CVE-2008-5659.json | 140 +++++++-------
 2008/5xxx/CVE-2008-5895.json | 150 +++++++--------
 2011/2xxx/CVE-2011-2362.json | 270 +++++++++++++--------------
 2013/0xxx/CVE-2013-0108.json | 120 ++++++------
 2013/0xxx/CVE-2013-0740.json | 140 +++++++-------
 2013/0xxx/CVE-2013-0970.json | 120 ++++++------
 2013/1xxx/CVE-2013-1012.json | 160 ++++++++--------
 2013/3xxx/CVE-2013-3003.json | 130 ++++++-------
 2013/3xxx/CVE-2013-3152.json | 140 +++++++-------
 2013/3xxx/CVE-2013-3197.json | 140 +++++++-------
 2013/4xxx/CVE-2013-4379.json | 150 +++++++--------
 2013/4xxx/CVE-2013-4708.json | 150 +++++++--------
 2013/4xxx/CVE-2013-4976.json | 34 ++--
 2013/7xxx/CVE-2013-7126.json | 34 ++--
 2017/12xxx/CVE-2017-12139.json | 130 ++++++-------
 2017/12xxx/CVE-2017-12711.json | 130 ++++++-------
 2017/12xxx/CVE-2017-12858.json | 130 ++++++-------
 2017/12xxx/CVE-2017-12948.json | 120 ++++++------
 2017/13xxx/CVE-2017-13086.json | 326 ++++++++++++++++-----------------
 2017/13xxx/CVE-2017-13476.json | 34 ++--
 2017/13xxx/CVE-2017-13764.json | 160 ++++++++--------
 2017/13xxx/CVE-2017-13828.json | 130 ++++++-------
 2017/13xxx/CVE-2017-13956.json | 34 ++--
 2017/16xxx/CVE-2017-16589.json | 130 ++++++-------
 2017/16xxx/CVE-2017-16863.json | 132 ++++++-------
 2017/17xxx/CVE-2017-17968.json | 120 ++++++------
 2018/18xxx/CVE-2018-18030.json | 34 ++--
 2018/18xxx/CVE-2018-18406.json | 34 ++--
 2018/18xxx/CVE-2018-18633.json | 34 ++--
 2018/18xxx/CVE-2018-18852.json | 34 ++--
 2018/18xxx/CVE-2018-18863.json | 34 ++--
 2018/18xxx/CVE-2018-18969.json | 34 ++--
 2018/19xxx/CVE-2018-19263.json | 34 ++--
 2018/19xxx/CVE-2018-19788.json | 170 ++++++++---------
 2018/1xxx/CVE-2018-1033.json | 34 ++--
 2018/1xxx/CVE-2018-1058.json | 182 +++++++++---------
 2018/1xxx/CVE-2018-1083.json | 192 +++++++++----------
 2018/1xxx/CVE-2018-1141.json | 132 ++++++-------
 2018/1xxx/CVE-2018-1186.json | 152 +++++++--------
 2018/1xxx/CVE-2018-1764.json | 226 +++++++++++------------
 2018/5xxx/CVE-2018-5096.json | 234 +++++++++++------------
 2018/5xxx/CVE-2018-5308.json | 120 ++++++------
 2018/5xxx/CVE-2018-5597.json | 34 ++--
 52 files changed, 3334 insertions(+), 3334 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0576.json b/2001/0xxx/CVE-2001-0576.json
index 32f87da1d72..b0b405c4c62 100644
--- a/2001/0xxx/CVE-2001-0576.json
+++ b/2001/0xxx/CVE-2001-0576.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010327 SCO 5.0.6 issues (lpusers) ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0407.html" - }, - { - "name" : "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes", - "refsource" : "BUGTRAQ", - "url" : "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html" - }, - { - "name" : "sco-openserver-lpusers-bo(6292)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain 
additional privileges via a buffer overflow attack in the '-u' command line parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20010327 SCO 5.0.6 issues (lpusers)", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0407.html" + }, + { + "name": "sco-openserver-lpusers-bo(6292)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6292" + }, + { + "name": "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes", + "refsource": "BUGTRAQ", + "url": "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0739.json b/2001/0xxx/CVE-2001-0739.json index 5606f599ef4..2e2a65898a7 100644 --- a/2001/0xxx/CVE-2001-0739.json +++ b/2001/0xxx/CVE-2001-0739.json 
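Review bot: The rewritten CVE-2001-0576.json ends with `\ No newline at end of file`, while the removed closing `}` carried no such marker, so this sync drops the trailing newline the file had before. The same marker closes the hunks for CVE-2001-0739, CVE-2001-0923, CVE-2008-0127, CVE-2008-1222, CVE-2008-1955, CVE-2008-5189, CVE-2008-5394 and CVE-2008-5540 on this page. Having the generator emit a final line feed after the closing `}` would keep line-oriented tools and later diffs quiet. The `reference_data` entries are also reordered here with no change beyond a trimmed trailing space in one `name`, so consumers should not rely on reference order, and a stable emitted order would keep future syncs reviewable.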
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2001:126", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-126.html" - }, - { - "name" : "ESA-20010529-02", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/other_advisory-1404.html" - }, - { - "name" : "linux-webtool-inherit-privileges(7404)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root 
privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ESA-20010529-02", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/other_advisory-1404.html" + }, + { + "name": "RHSA-2001:126", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-126.html" + }, + { + "name": "linux-webtool-inherit-privileges(7404)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7404" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0923.json b/2001/0xxx/CVE-2001-0923.json index 1dc268d77ef..3b04cc92e97 100644 --- a/2001/0xxx/CVE-2001-0923.json +++ b/2001/0xxx/CVE-2001-0923.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011025 Advisory: Corrupt RPM Query Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/222542" - }, - { - "name" : "CLA-2001:440", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000440" - }, - { - "name" : "3472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3472" - }, - { - "name" : "Linux-rpm-execute-code(7349)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary 
code via corrupted data in the RPM file when the file is queried." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011025 Advisory: Corrupt RPM Query Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/222542" + }, + { + "name": "CLA-2001:440", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000440" + }, + { + "name": "Linux-rpm-execute-code(7349)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7349" + }, + { + "name": "3472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3472" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0127.json b/2008/0xxx/CVE-2008-0127.json index a211097477f..530b90844b0 100644 --- a/2008/0xxx/CVE-2008-0127.json +++ b/2008/0xxx/CVE-2008-0127.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080109 [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485992/100/0/threaded" - }, - { - "name" : "20080109 [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486035/100/0/threaded" - }, - { - "name" : "4878", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4878" - }, - { - "name" : "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472", - "refsource" : "CONFIRM", - 
"url" : "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472" - }, - { - "name" : "27197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27197" - }, - { - "name" : "ADV-2008-0087", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0087" - }, - { - "name" : "1019170", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019170" - }, - { - "name" : "28408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28408" - }, - { - "name" : "3530", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3530" - }, - { - "name" : "mcafee-ebusiness-packet-code-execution(39563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39563" - }, - { - "name" : "mcafee-ebusiness-authentication-packet-dos(39561)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4878", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4878" + }, + { + "name": "3530", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3530" + }, + { + "name": "ADV-2008-0087", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0087" + }, + { + "name": "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472", + "refsource": "CONFIRM", + "url": "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472" + }, + { + "name": "mcafee-ebusiness-authentication-packet-dos(39561)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39561" + }, + { + "name": "20080109 [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486035/100/0/threaded" + }, + { + "name": "28408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28408" + }, + { + "name": "1019170", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019170" + }, + { + "name": "mcafee-ebusiness-packet-code-execution(39563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39563" + }, + { + "name": "20080109 [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485992/100/0/threaded" + }, + { + "name": "27197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27197" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/1xxx/CVE-2008-1222.json b/2008/1xxx/CVE-2008-1222.json
index 1a96eb27b20..a72e46f83d5 100644
--- a/2008/1xxx/CVE-2008-1222.json
+++ b/2008/1xxx/CVE-2008-1222.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.dokeos.com/index.php?do=details&task_id=2312", - "refsource" : "CONFIRM", - "url" : "http://projects.dokeos.com/index.php?do=details&task_id=2312" - }, - { - "name" : "http://www.dokeos.com/wiki/index.php/Security", - "refsource" : "CONFIRM", - "url" : "http://www.dokeos.com/wiki/index.php/Security" - }, - { - "name" : "28121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28121" - }, - { - "name" : "ADV-2008-0798", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0798" - }, - { - "name" : "29254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29254" - }, - { - "name" : "dokeos-unspecified-xss(41046)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0798", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0798" + }, + { + "name": "29254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29254" + }, + { + "name": "28121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28121" + }, + { + "name": "http://projects.dokeos.com/index.php?do=details&task_id=2312", + "refsource": "CONFIRM", + "url": "http://projects.dokeos.com/index.php?do=details&task_id=2312" + }, + { + "name": "dokeos-unspecified-xss(41046)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41046" + }, + { + "name": "http://www.dokeos.com/wiki/index.php/Security", + "refsource": "CONFIRM", + "url": "http://www.dokeos.com/wiki/index.php/Security" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1955.json b/2008/1xxx/CVE-2008-1955.json index 3243bf912fc..17e843dfd74 100644 --- a/2008/1xxx/CVE-2008-1955.json +++ b/2008/1xxx/CVE-2008-1955.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter. information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.z0rlu.ownspace.org/index.php?/archives/52-MyBoard-1.0.12-XSS.html", - "refsource" : "MISC", - "url" : "http://www.z0rlu.ownspace.org/index.php?/archives/52-MyBoard-1.0.12-XSS.html" - }, - { - "name" : "28823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28823" - }, - { - "name" : "myboard-rep-xss(42024)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web 
script or HTML via the id parameter. information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.z0rlu.ownspace.org/index.php?/archives/52-MyBoard-1.0.12-XSS.html", + "refsource": "MISC", + "url": "http://www.z0rlu.ownspace.org/index.php?/archives/52-MyBoard-1.0.12-XSS.html" + }, + { + "name": "28823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28823" + }, + { + "name": "myboard-rep-xss(42024)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42024" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5189.json b/2008/5xxx/CVE-2008-5189.json index aec22f67cd4..49691cc922d 100644 --- a/2008/5xxx/CVE-2008-5189.json +++ b/2008/5xxx/CVE-2008-5189.json 
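Review bot: The `description` value for CVE-2008-1955 still ends with a dangling fragment, `via the id parameter. information.`, which this hunk carries over unchanged from the old side. The stray `information.` looks like the remainder of a truncated sentence, so the record should either restore the missing text from the upstream entry or end the value at `via the id parameter.`. Downstream scanners and advisories tend to copy this string verbatim, so it is worth correcting in the record itself rather than leaving it to each consumer.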
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d", - "refsource" : "CONFIRM", - "url" : "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d" - }, - { - "name" : "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing" - }, - { - "name" : "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk" - }, - { - "name" : "SUSE-SR:2008:027", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" - }, - { - "name" : "32359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d", + "refsource": "CONFIRM", + "url": "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d" + }, + { + "name": "32359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32359" + }, + { + "name": "SUSE-SR:2008:027", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" + }, + { + "name": "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing" + }, + { + "name": "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5394.json b/2008/5xxx/CVE-2008-5394.json index a9aa4c7ee94..7f6cb0a62a4 100644 --- a/2008/5xxx/CVE-2008-5394.json +++ b/2008/5xxx/CVE-2008-5394.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081130 /bin/login gives root to group utmp", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498769/100/0/threaded" - }, - { - "name" : "7313", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7313" - }, - { - "name" : "http://bugs.debian.org/332198", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/332198" - }, - { - "name" : "http://bugs.debian.org/505071", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/505071" - }, - { - "name" : "http://bugs.debian.org/505271", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/505271" - }, - { - "name" : "GLSA-200903-24", - 
"refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-24.xml" - }, - { - "name" : "MDVSA-2009:062", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:062" - }, - { - "name" : "USN-695-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-695-1" - }, - { - "name" : "32552", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32552" - }, - { - "name" : "52200", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52200" - }, - { - "name" : "4695", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4695" - }, - { - "name" : "debian-login-symlink(47037)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52200", + "refsource": "OSVDB", + "url": "http://osvdb.org/52200" + }, + { + "name": "http://bugs.debian.org/505271", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/505271" + }, + { + "name": "32552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32552" + }, + { + "name": "http://bugs.debian.org/332198", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/332198" + }, + { + "name": "debian-login-symlink(47037)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47037" + }, + { + "name": "GLSA-200903-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-24.xml" + }, + { + "name": "MDVSA-2009:062", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:062" + }, + { + "name": "20081130 /bin/login gives root to group utmp", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498769/100/0/threaded" + }, + { + "name": "7313", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7313" + }, + { + "name": "4695", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4695" + }, + { + "name": "http://bugs.debian.org/505071", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/505071" + }, + { + "name": "USN-695-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-695-1" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5540.json b/2008/5xxx/CVE-2008-5540.json index 16dcf9aea35..82d5bd8f726 100644 --- a/2008/5xxx/CVE-2008-5540.json +++ b/2008/5xxx/CVE-2008-5540.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded" - }, - { - "name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded" - }, - { - "name" : "4723", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4723" - }, - { - "name" : 
"multiple-antivirus-mzheader-code-execution(47435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "multiple-antivirus-mzheader-code-execution(47435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" + }, + { + "name": "4723", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4723" + }, + { + "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded" + }, + { + "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5659.json b/2008/5xxx/CVE-2008-5659.json index d4f9e3d8b78..a452210b170 100644 --- a/2008/5xxx/CVE-2008-5659.json +++ b/2008/5xxx/CVE-2008-5659.json 
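Review bot: The new side of CVE-2008-5540.json ends with `\ No newline at end of file` and lists `reference_data` in an order with no sort key evident from the hunk (XF, SREASON, BUGTRAQ, BUGTRAQ, where the old side had BUGTRAQ, BUGTRAQ, SREASON, XF). The four references are the same on both sides, so the reorder carries no information, but it hides real additions or removals in the diff and changes the file's bytes for anyone who hashes or mirrors these records. I would have the sync job emit references in a fixed order, for example sorted by `refsource` then `name`, and end each file with a newline. The same applies to the later hunks for CVE-2008-5659, CVE-2008-5895 and CVE-2011-2362.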
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/12/06/2" - }, - { - "name" : "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417", - "refsource" : "CONFIRM", - "url" : "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417" - }, - { - "name" : "classpath-gnujavasecurityutil-weak-security(47574)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "classpath-gnujavasecurityutil-weak-security(47574)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574" + }, + { + "name": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417", + "refsource": "CONFIRM", + "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417" + }, + { + "name": "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5895.json b/2008/5xxx/CVE-2008-5895.json index 3bb8a731ced..8a8c5ba1f5c 100644 --- a/2008/5xxx/CVE-2008-5895.json +++ b/2008/5xxx/CVE-2008-5895.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7476", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7476" - }, - { - "name" : "32836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32836" - }, - { - "name" : "33176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33176" - }, - { - "name" : "4905", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4905", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4905" + }, + { + "name": "32836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32836" + }, + { + "name": "7476", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7476" + }, + { + "name": "33176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33176" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2362.json b/2011/2xxx/CVE-2011-2362.json index 5778d46c6f2..f684f4832d1 100644 --- a/2011/2xxx/CVE-2011-2362.json +++ b/2011/2xxx/CVE-2011-2362.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-24.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=616264", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=616264" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100144854", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144854" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100145333", - "refsource" : "CONFIRM", - "url" : 
"http://support.avaya.com/css/P8/documents/100145333" - }, - { - "name" : "DSA-2268", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2268" - }, - { - "name" : "DSA-2269", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2269" - }, - { - "name" : "DSA-2273", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2273" - }, - { - "name" : "MDVSA-2011:111", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111" - }, - { - "name" : "RHSA-2011:0885", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0885.html" - }, - { - "name" : "RHSA-2011:0886", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0886.html" - }, - { - "name" : "RHSA-2011:0887", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0887.html" - }, - { - "name" : "RHSA-2011:0888", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0888.html" - }, - { - "name" : "SUSE-SA:2011:028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" - }, - { - "name" : "USN-1149-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1149-1" - }, - { - "name" : "oval:org.mitre.oval:def:13693", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13693" - }, - { - "name" : "45002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web 
servers to bypass the Same Origin Policy via Set-Cookie headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:111", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111" + }, + { + "name": "45002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45002" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100145333", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100145333" + }, + { + "name": "USN-1149-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1149-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-24.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-24.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144854", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100144854" + }, + { + "name": "RHSA-2011:0887", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0887.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=616264", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=616264" + }, + { + "name": "RHSA-2011:0885", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0885.html" + }, + { + "name": "DSA-2268", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2268" + }, + { + "name": "RHSA-2011:0888", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0888.html" + }, + { + "name": "oval:org.mitre.oval:def:13693", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13693" + }, + { + "name": "DSA-2269", + "refsource": "DEBIAN", + 
"url": "http://www.debian.org/security/2011/dsa-2269" + }, + { + "name": "SUSE-SA:2011:028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" + }, + { + "name": "RHSA-2011:0886", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0886.html" + }, + { + "name": "DSA-2273", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2273" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0108.json b/2013/0xxx/CVE-2013-0108.json index df9c38215b2..22f5ac61b84 100644 --- a/2013/0xxx/CVE-2013-0108.json +++ b/2013/0xxx/CVE-2013-0108.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-0108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute 
arbitrary code via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0740.json b/2013/0xxx/CVE-2013-0740.json index 4f060af44a6..23a32411321 100644 --- a/2013/0xxx/CVE-2013-0740.json +++ b/2013/0xxx/CVE-2013-0740.json 
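Review bot: The line `"ASSIGNER": "cert@cert.org"` replaces `"ASSIGNER" : "cve@mitre.org"` in CVE-2013-0108.json, and it is the only value change in a hunk that otherwise only re-indents and respaces the record. The commit subject "-Synchronized-Data." does not mention a re-attribution, so a reader skimming the whitespace churn can miss it. The same kind of change appears in the hunks for CVE-2013-0740 (`PSIRT-CNA@flexerasoftware.com`), CVE-2013-0970 and CVE-2013-1012 (`product-security@apple.com`), CVE-2013-3003 (`psirt@us.ibm.com`), and CVE-2013-3152 and CVE-2013-3197 (`secure@microsoft.com`). I would land the formatting normalisation separately from the ASSIGNER updates, or name the re-attribution in the commit message, so that anyone who filters or trusts records by assigner can audit it; whether downstream tooling keys on this field is not visible from the diff.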
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-0740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "61383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61383" - }, - { - "name" : "95545", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95545" - }, - { - "name" : "52742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52742" + }, + { + "name": "95545", + "refsource": "OSVDB", + "url": "http://osvdb.org/95545" + }, + { + "name": "61383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61383" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0970.json b/2013/0xxx/CVE-2013-0970.json index efefb2bb1ab..d83b58a5a49 100644 --- a/2013/0xxx/CVE-2013-0970.json +++ b/2013/0xxx/CVE-2013-0970.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-0970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2013-03-14-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-03-14-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1012.json b/2013/1xxx/CVE-2013-1012.json index b0071f2f76d..98196549e9e 100644 --- a/2013/1xxx/CVE-2013-1012.json +++ b/2013/1xxx/CVE-2013-1012.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-1012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5785", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5785" - }, - { - "name" : "http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "APPLE-SA-2013-06-04-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "54886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5785", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5785" + }, + { + "name": "54886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54886" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "APPLE-SA-2013-06-04-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3003.json b/2013/3xxx/CVE-2013-3003.json index 5e9d0f3e473..f291c502fc5 100644 --- a/2013/3xxx/CVE-2013-3003.json +++ b/2013/3xxx/CVE-2013-3003.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 allows remote authenticated users to execute arbitrary commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21641655", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21641655" - }, - { - "name" : "ims-cve20133003-command-injection(84129)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 allows remote authenticated users to execute arbitrary commands via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21641655", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641655" + }, + { + "name": "ims-cve20133003-command-injection(84129)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84129" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3152.json b/2013/3xxx/CVE-2013-3152.json index eef0cafb7b7..f205f85f669 100644 --- a/2013/3xxx/CVE-2013-3152.json +++ b/2013/3xxx/CVE-2013-3152.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3146." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-055", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" - }, - { - "name" : "TA13-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A" - }, - { - "name" : "oval:org.mitre.oval:def:16975", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 allows remote attackers to execute 
arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3146." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-055", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" + }, + { + "name": "TA13-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-190A" + }, + { + "name": "oval:org.mitre.oval:def:16975", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16975" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3197.json b/2013/3xxx/CVE-2013-3197.json index cdb1531515a..d5a02ab7591 100644 --- a/2013/3xxx/CVE-2013-3197.json +++ b/2013/3xxx/CVE-2013-3197.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka \"Windows Kernel Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3196 and CVE-2013-3198." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-063", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-063" - }, - { - "name" : "TA13-225A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-225A" - }, - { - "name" : "oval:org.mitre.oval:def:18364", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka \"Windows Kernel Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3196 and CVE-2013-3198." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-063", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-063" + }, + { + "name": "oval:org.mitre.oval:def:18364", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18364" + }, + { + "name": "TA13-225A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-225A" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4379.json b/2013/4xxx/CVE-2013-4379.json index 5cd935be32b..5af50ee9e57 100644 --- a/2013/4xxx/CVE-2013-4379.json +++ b/2013/4xxx/CVE-2013-4379.json 
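Review bot: The `reference_data` array in this hunk comes out in a different order (`MS13-063`, `TA13-225A`, OVAL becomes `MS13-063`, OVAL, `TA13-225A`) with no entry added or removed, and the new order follows no visible key. Array order is significant in JSON, so each sync that reshuffles entries produces a diff in which a genuinely altered `url` would be hard to spot. Emitting references in a stable order, for example sorted by `refsource` and then `name`, would keep future diffs limited to real changes. The CVE-2013-4379, CVE-2013-4708, CVE-2017-13086 and CVE-2017-13764 hunks are reshuffled the same way.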
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130927 Re: CVE request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/27/6" - }, - { - "name" : "https://drupal.org/node/2081637", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2081637" - }, - { - "name" : "https://drupal.org/node/2081647", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2081647" - }, - { - "name" : "54634", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Make Meeting 
Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drupal.org/node/2081637", + "refsource": "MISC", + "url": "https://drupal.org/node/2081637" + }, + { + "name": "https://drupal.org/node/2081647", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2081647" + }, + { + "name": "54634", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54634" + }, + { + "name": "[oss-security] 20130927 Re: CVE request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/27/6" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4708.json b/2013/4xxx/CVE-2013-4708.json index 5c6dff1cbb7..5ce2a0cbb94 100644 --- a/2013/4xxx/CVE-2013-4708.json +++ b/2013/4xxx/CVE-2013-4708.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-4708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.seil.jp/support/security/a01388.html", - "refsource" : "CONFIRM", - "url" : "http://www.seil.jp/support/security/a01388.html" - }, - { - "name" : "JVN#40079308", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN40079308/index.html" - }, - { - "name" : "JVNDB-2013-000091", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000091.html" - }, - { - "name" : "97619", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.seil.jp/support/security/a01388.html", + "refsource": "CONFIRM", + "url": "http://www.seil.jp/support/security/a01388.html" + }, + { + "name": "JVN#40079308", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN40079308/index.html" + }, + { + "name": "97619", + "refsource": "OSVDB", + "url": "http://osvdb.org/97619" + }, + { + "name": "JVNDB-2013-000091", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000091.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4976.json b/2013/4xxx/CVE-2013-4976.json index 40a48dbd0ab..dc1c538f2f8 100644 --- a/2013/4xxx/CVE-2013-4976.json +++ b/2013/4xxx/CVE-2013-4976.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4976", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4976", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7126.json b/2013/7xxx/CVE-2013-7126.json index c9a0535f19b..b08a870abcd 100644 --- a/2013/7xxx/CVE-2013-7126.json +++ b/2013/7xxx/CVE-2013-7126.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7126", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-7126", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12139.json b/2017/12xxx/CVE-2017-12139.json index 5e272b0f505..1aba446ce26 100644 --- a/2017/12xxx/CVE-2017-12139.json +++ b/2017/12xxx/CVE-2017-12139.json 
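Review bot: The new side of this record serializes its top-level keys as `data_type`, `data_format`, `data_version`, `CVE_data_meta` and puts `ID` before `ASSIGNER`, whereas the other records in this part of the diff start with `CVE_data_meta` and list `ASSIGNER` first. Key order carries no meaning in JSON, but the mismatch suggests this file went through a different writer than its neighbours. It will also show up as noise for anyone hashing or diffing the files byte-for-byte. Writing it like the others, with `"CVE_data_meta": {` first and `"ASSIGNER": "cve@mitre.org",` ahead of `"ID"`, keeps the records uniform.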
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/XOOPS/XoopsCore25/issues/524", - "refsource" : "CONFIRM", - "url" : "https://github.com/XOOPS/XoopsCore25/issues/524" - }, - { - "name" : "100094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/XOOPS/XoopsCore25/issues/524", + "refsource": "CONFIRM", + "url": "https://github.com/XOOPS/XoopsCore25/issues/524" + }, + { + "name": "100094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100094" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12711.json b/2017/12xxx/CVE-2017-12711.json index e94c347f5cd..6d69c5e8436 100644 --- a/2017/12xxx/CVE-2017-12711.json +++ b/2017/12xxx/CVE-2017-12711.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-12711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "Advantech WebAccess" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-266" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-12711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess", + "version": { + "version_data": [ + { + "version_value": "Advantech WebAccess" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" - }, - { - "name" : "100526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. 
A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" + }, + { + "name": "100526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100526" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12858.json b/2017/12xxx/CVE-2017-12858.json index ba140ef1cfa..3f72f2628db 100644 --- a/2017/12xxx/CVE-2017-12858.json +++ b/2017/12xxx/CVE-2017-12858.json 
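Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"` and a `version_value` of `"Advantech WebAccess"`, which repeats the product name instead of giving a version, while the description states the affected range as versions prior to V8.2_20170817. Tools that match an asset inventory against `affects` rather than parsing the description will not identify affected installs from this record. If the sync is meant to carry the assigner's data unchanged, this is an upstream issue. Otherwise the values the description appears to support are `"vendor_name": "Advantech"` and `"version_value": "prior to V8.2_20170817"`.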
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796", - "refsource" : "CONFIRM", - "url" : "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796" - }, - { - "name" : "100459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796", + "refsource": "CONFIRM", + "url": "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796" + }, + { + "name": "100459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100459" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12948.json b/2017/12xxx/CVE-2017-12948.json index e7525d73d91..442c0e69be9 100644 --- a/2017/12xxx/CVE-2017-12948.json +++ b/2017/12xxx/CVE-2017-12948.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Core\\Admin\\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdf", - "refsource" : "MISC", - "url" : "http://www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Core\\Admin\\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdf", + "refsource": "MISC", + "url": "http://www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13086.json b/2017/13xxx/CVE-2017-13086.json index 10fa1be63cd..cbe5dfd16f6 100644 --- a/2017/13xxx/CVE-2017-13086.json +++ b/2017/13xxx/CVE-2017-13086.json 
@@ -1,165 +1,165 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-13086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Wi-Fi Protected Access (WPA and WPA2)", - "version" : { - "version_data" : [ - { - "version_value" : "WPA" - }, - { - "version_value" : "WPA2" - } - ] - } - } - ] - }, - "vendor_name" : "Wi-Fi Alliance" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-323: Reusing a Nonce, Key Pair in Encryption" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-13086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wi-Fi Protected Access (WPA and WPA2)", + "version": { + "version_data": [ + { + "version_value": "WPA" + }, + { + "version_value": "WPA2" + } + ] + } + } + ] + }, + "vendor_name": "Wi-Fi Alliance" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.krackattacks.com/", - "refsource" : "MISC", - "url" : "https://www.krackattacks.com/" - }, - { - "name" : "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt", - "refsource" : "MISC", - "url" : "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt" - }, - { - "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt", - "refsource" : "CONFIRM", - "url" : 
"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt" - }, - { - "name" : "https://access.redhat.com/security/vulnerabilities/kracks", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/vulnerabilities/kracks" - }, - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-17420", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-17420" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-11-01" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf" - }, - { - "name" : "https://cert.vde.com/en-us/advisories/vde-2017-005", - "refsource" : "CONFIRM", - "url" : "https://cert.vde.com/en-us/advisories/vde-2017-005" - }, - { - "name" : "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa" - }, - { - "name" : "DSA-3999", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3999" - }, - { - "name" : "FreeBSD-SA-17:07", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc" - }, - { - "name" : "GLSA-201711-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-03" - }, - { - "name" : "RHSA-2017:2907", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2907" - }, - { - "name" : "USN-3455-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3455-1" - }, - { - "name" : "VU#228519", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/228519" - }, - { - "name" : "101274", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/101274" - }, - { - "name" : "1039573", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039573" - }, - { - "name" : "1039576", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039576" - }, - { - "name" : "1039577", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039577" - }, - { - "name" : "1039578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039578" - }, - { - "name" : "1039581", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-323: Reusing a Nonce, Key Pair in Encryption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039581", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039581" + }, + { + "name": "101274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101274" + }, + { + "name": "DSA-3999", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3999" + }, + { + "name": "1039578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039578" + }, + { + "name": "https://access.redhat.com/security/vulnerabilities/kracks", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/vulnerabilities/kracks" + }, + { + "name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II", + "refsource": "CISCO", + "url": 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa" + }, + { + "name": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt", + "refsource": "MISC", + "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt" + }, + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt" + }, + { + "name": "1039577", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039577" + }, + { + "name": "https://source.android.com/security/bulletin/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-11-01" + }, + { + "name": "GLSA-201711-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-03" + }, + { + "name": "RHSA-2017:2907", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2907" + }, + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-17420", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-17420" + }, + { + "name": "FreeBSD-SA-17:07", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc" + }, + { + "name": "https://www.krackattacks.com/", + "refsource": "MISC", + "url": "https://www.krackattacks.com/" + }, + { + "name": "1039573", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039573" + }, + { + "name": "1039576", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039576" + }, + { + "name": "VU#228519", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/228519" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf" + }, + { + "name": 
"https://cert.vde.com/en-us/advisories/vde-2017-005", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en-us/advisories/vde-2017-005" + }, + { + "name": "USN-3455-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3455-1" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13476.json b/2017/13xxx/CVE-2017-13476.json index bee171c7bcc..561fecf4863 100644 --- a/2017/13xxx/CVE-2017-13476.json +++ b/2017/13xxx/CVE-2017-13476.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13476", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13476", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13764.json b/2017/13xxx/CVE-2017-13764.json index 15ef2318b3a..bc2c010adef 100644 --- a/2017/13xxx/CVE-2017-13764.json +++ b/2017/13xxx/CVE-2017-13764.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-40.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-40.html" - }, - { - "name" : "100545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100545" - }, - { - "name" : "1039254", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94" + }, + { + "name": "100545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100545" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-40.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-40.html" + }, + { + "name": "1039254", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039254" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13828.json b/2017/13xxx/CVE-2017-13828.json index 6cd164d593c..380ccf65b2c 100644 --- a/2017/13xxx/CVE-2017-13828.json +++ b/2017/13xxx/CVE-2017-13828.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Fonts\" component. It allows remote attackers to spoof the user interface via crafted text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "1039710", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Fonts\" component. It allows remote attackers to spoof the user interface via crafted text." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "1039710", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039710" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13956.json b/2017/13xxx/CVE-2017-13956.json index 6ae0acc7a81..905697f696d 100644 --- a/2017/13xxx/CVE-2017-13956.json +++ b/2017/13xxx/CVE-2017-13956.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13956", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13956", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16589.json b/2017/16xxx/CVE-2017-16589.json index 0099b2e42f3..b5e198e5f4e 100644 --- a/2017/16xxx/CVE-2017-16589.json +++ b/2017/16xxx/CVE-2017-16589.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-857", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-857" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-857", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-857" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16863.json b/2017/16xxx/CVE-2017-16863.json index 3ed3965c56c..8d31a15aefa 100644 --- a/2017/16xxx/CVE-2017-16863.json +++ b/2017/16xxx/CVE-2017-16863.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-01-14T00:00:00", - "ID" : "CVE-2017-16863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlassian Jira", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 7.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-01-14T00:00:00", + "ID": "CVE-2017-16863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlassian Jira", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 7.5.3" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-66623", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-66623" - }, - { - "name" : "102732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote 
attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/JRASERVER-66623", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-66623" + }, + { + "name": "102732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102732" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17968.json b/2017/17xxx/CVE-2017-17968.json index 548b63521c5..c8cf31af789 100644 --- a/2017/17xxx/CVE-2017-17968.json +++ b/2017/17xxx/CVE-2017-17968.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43408", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43408/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43408", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43408/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18030.json b/2018/18xxx/CVE-2018-18030.json index 000f0ae3b8e..2abf6ecfa61 100644 --- a/2018/18xxx/CVE-2018-18030.json +++ b/2018/18xxx/CVE-2018-18030.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18030", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18030", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18406.json b/2018/18xxx/CVE-2018-18406.json index 4000c9d915a..90bd99a429a 100644 --- a/2018/18xxx/CVE-2018-18406.json +++ b/2018/18xxx/CVE-2018-18406.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18406",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18406",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18633.json b/2018/18xxx/CVE-2018-18633.json
index a0f96d797b7..40e4570b750 100644
--- a/2018/18xxx/CVE-2018-18633.json
+++ b/2018/18xxx/CVE-2018-18633.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18633",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18633",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18852.json b/2018/18xxx/CVE-2018-18852.json
index 1d76ab434d0..08ed49cd996 100644
--- a/2018/18xxx/CVE-2018-18852.json
+++ b/2018/18xxx/CVE-2018-18852.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18852",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18852",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18863.json b/2018/18xxx/CVE-2018-18863.json
index 1c1938402ee..156fdf765ff 100644
--- a/2018/18xxx/CVE-2018-18863.json
+++ b/2018/18xxx/CVE-2018-18863.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18863",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18863",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18969.json b/2018/18xxx/CVE-2018-18969.json
index edec77a1447..ba5d2cdc88a 100644
--- a/2018/18xxx/CVE-2018-18969.json
+++ b/2018/18xxx/CVE-2018-18969.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18969",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18969",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19263.json b/2018/19xxx/CVE-2018-19263.json
index 6925ac4b602..abb872e6349 100644
--- a/2018/19xxx/CVE-2018-19263.json
+++ b/2018/19xxx/CVE-2018-19263.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19263",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-19263",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19788.json b/2018/19xxx/CVE-2018-19788.json
index cadc06d20b0..dd21a7015f5 100644
--- a/2018/19xxx/CVE-2018-19788.json
+++ b/2018/19xxx/CVE-2018-19788.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html" - }, - { - "name" : "https://bugs.debian.org/915332", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/915332" - }, - { - "name" : "https://gitlab.freedesktop.org/polkit/polkit/issues/74", - "refsource" : "MISC", - "url" : "https://gitlab.freedesktop.org/polkit/polkit/issues/74" - }, - { - "name" : "DSA-4350", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4350" - }, - { - "name" : "USN-3861-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3861-1/" - }, - { - "name" : "USN-3861-2", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/3861-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3861-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3861-1/" + }, + { + "name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html" + }, + { + "name": "USN-3861-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3861-2/" + }, + { + "name": "https://bugs.debian.org/915332", + "refsource": "MISC", + "url": "https://bugs.debian.org/915332" + }, + { + "name": "https://gitlab.freedesktop.org/polkit/polkit/issues/74", + "refsource": "MISC", + "url": "https://gitlab.freedesktop.org/polkit/polkit/issues/74" + }, + { + "name": "DSA-4350", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4350" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1033.json b/2018/1xxx/CVE-2018-1033.json index b3bf4261628..8e4df7ec171 100644 --- a/2018/1xxx/CVE-2018-1033.json +++ b/2018/1xxx/CVE-2018-1033.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1033",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-1033",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1058.json b/2018/1xxx/CVE-2018-1058.json
index 3d639ddec68..cdbb2d56850 100644
--- a/2018/1xxx/CVE-2018-1058.json
+++ b/2018/1xxx/CVE-2018-1058.json
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2018-03-01T00:00:00", - "ID" : "CVE-2018-1058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "postgresql", - "version" : { - "version_data" : [ - { - "version_value" : "9.3 - 10" - } - ] - } - } - ] - }, - "vendor_name" : "The PostgreSQL Global Development Group" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2018-03-01T00:00:00", + "ID": "CVE-2018-1058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "postgresql", + "version": { + "version_data": [ + { + "version_value": "9.3 - 10" + } + ] + } + } + ] + }, + "vendor_name": "The PostgreSQL Global Development Group" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547044", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547044" - }, - { - "name" : "https://www.postgresql.org/about/news/1834/", - "refsource" : "CONFIRM", - "url" : "https://www.postgresql.org/about/news/1834/" - }, - { - "name" : "RHSA-2018:2511", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2511" - }, - { - "name" : "RHSA-2018:2566", - "refsource" : 
"REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2566" - }, - { - "name" : "RHSA-2018:3816", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3816" - }, - { - "name" : "USN-3589-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3589-1/" - }, - { - "name" : "103221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547044", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547044" + }, + { + "name": "USN-3589-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3589-1/" + }, + { + "name": "103221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103221" + }, + { + "name": "https://www.postgresql.org/about/news/1834/", + "refsource": "CONFIRM", + "url": "https://www.postgresql.org/about/news/1834/" + }, + { + "name": "RHSA-2018:2511", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2511" + }, + { + "name": "RHSA-2018:2566", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2566" + }, + { + "name": "RHSA-2018:3816", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3816" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/1xxx/CVE-2018-1083.json b/2018/1xxx/CVE-2018-1083.json
index 0d32b24ab7a..bdedc827042 100644
--- a/2018/1xxx/CVE-2018-1083.json
+++ b/2018/1xxx/CVE-2018-1083.json
@@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2018-03-26T00:00:00", - "ID" : "CVE-2018-1083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "zsh", - "version" : { - "version_data" : [ - { - "version_value" : "before zsh 5.4.2-test-1" - } - ] - } - } - ] - }, - "vendor_name" : "zsh" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-120->CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2018-03-26T00:00:00", + "ID": "CVE-2018-1083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "zsh", + "version": { + "version_data": [ + { + "version_value": "before zsh 5.4.2-test-1" + } + ] + } + } + ] + }, + "vendor_name": "zsh" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180331 [SECURITY] [DLA 1335-1] zsh security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1557382", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1557382" - }, - { - "name" : 
"https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7" - }, - { - "name" : "GLSA-201805-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-10" - }, - { - "name" : "RHSA-2018:1932", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1932" - }, - { - "name" : "RHSA-2018:3073", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3073" - }, - { - "name" : "USN-3608-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3608-1/" - }, - { - "name" : "103572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120->CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3608-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3608-1/" + }, + { + "name": "103572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103572" + }, + { + "name": "GLSA-201805-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-10" + }, + { + "name": "https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7" + }, + { + "name": "RHSA-2018:1932", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1932" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1557382", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557382" + }, + { + "name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1335-1] zsh security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html" + }, + { + "name": "RHSA-2018:3073", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3073" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1141.json b/2018/1xxx/CVE-2018-1141.json index b6a03a98f02..194ff8d1e2d 100644 --- a/2018/1xxx/CVE-2018-1141.json +++ b/2018/1xxx/CVE-2018-1141.json 
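Review bot: The new side of CVE-2018-1083.json re-emits the same eight `reference_data` entries in a different order and ends the file without a final newline (`\ No newline at end of file`), while no field value changes. Array order is part of the JSON data, so a consumer that hashes or diffs records to detect updated advisories will see a modified record although nothing was added or corrected. The export step should presumably write `reference_data` in a stable order (for example sorted by `url`) and keep the trailing newline after the closing `}`. The same reordering appears in the CVE-2018-1186, CVE-2018-1764 and CVE-2018-5096 hunks, and every file in this part of the patch loses its final newline.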
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-03-19T00:00:00", - "ID" : "CVE-2018-1141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nessus", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to 7.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Tenable" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Local Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-03-19T00:00:00", + "ID": "CVE-2018-1141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nessus", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 7.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Tenable" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/tns-2018-01", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-01" - }, - { - "name" : "1040557", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When installing Nessus to a directory outside of 
the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2018-01", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-01" + }, + { + "name": "1040557", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040557" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1186.json b/2018/1xxx/CVE-2018-1186.json index 1e32f380e35..c810bdd6b6b 100644 --- a/2018/1xxx/CVE-2018-1186.json +++ b/2018/1xxx/CVE-2018-1186.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-03-19T00:00:00", - "ID" : "CVE-2018-1186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Isilon OneFS", - "version" : { - "version_data" : [ - { - "version_value" : "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-03-19T00:00:00", + "ID": "CVE-2018-1186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Isilon OneFS", + "version": { + "version_data": [ + { + "version_value": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44039", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44039/" - }, - { - "name" : "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Mar/50" - }, - { - "name" : "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities" - }, - { - "name" : "103033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103033" + }, + { + "name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Mar/50" + }, + { + "name": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities" + }, + { + "name": "44039", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44039/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1764.json b/2018/1xxx/CVE-2018-1764.json index 0676b2a2855..89ef8a293fc 100644 --- a/2018/1xxx/CVE-2018-1764.json +++ b/2018/1xxx/CVE-2018-1764.json 
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-03-08T00:00:00", - "ID" : "CVE-2018-1764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148618." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-03-08T00:00:00", + "ID": "CVE-2018-1764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.0.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318" - }, - { - "name" : "ibm-rqm-cve20181764-xss(148618)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148618." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rqm-cve20181764-xss(148618)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148618" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875318", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5096.json b/2018/5xxx/CVE-2018-5096.json index 5e0fd9a982a..0bbdd5cb345 100644 --- a/2018/5xxx/CVE-2018-5096.json +++ b/2018/5xxx/CVE-2018-5096.json 
@@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.6" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.6" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free while editing form elements" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.6" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.6" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html" - }, - { - "name" : "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security 
update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1418922", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1418922" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-03/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-03/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-04/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-04/" - }, - { - "name" : "DSA-4096", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4096" - }, - { - "name" : "DSA-4102", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4102" - }, - { - "name" : "RHSA-2018:0122", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0122" - }, - { - "name" : "RHSA-2018:0262", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0262" - }, - { - "name" : "102771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free while editing form elements" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-03/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/" + }, + { + "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html" + }, + { + "name": "DSA-4096", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4096" + }, + { + "name": "RHSA-2018:0262", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0262" + }, + { + "name": "102771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102771" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-04/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/" + }, + { + "name": "RHSA-2018:0122", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0122" + }, + { + "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html" + }, + { + "name": "DSA-4102", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4102" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1418922", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1418922" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5308.json b/2018/5xxx/CVE-2018-5308.json index 6141b504217..7a7f80da289 100644 --- a/2018/5xxx/CVE-2018-5308.json +++ b/2018/5xxx/CVE-2018-5308.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532390", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1532390", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532390" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5597.json b/2018/5xxx/CVE-2018-5597.json index dc0c1777ebe..6675356d7cf 100644 --- a/2018/5xxx/CVE-2018-5597.json +++ b/2018/5xxx/CVE-2018-5597.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5597", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5597", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
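Review bot: The `affects` block of CVE-2018-5308.json still carries `n/a` for `vendor_name`, `product_name` and `version_value`, although the description names PoDoFo 0.9.5 and `PdfMemoryOutputStream::Write`. Tooling that matches records against a software inventory through the structured product fields will not associate this entry with PoDoFo; only a text search of the description finds it. If the feed is meant to support that kind of matching, the record could carry `"product_name": "PoDoFo"` and `"version_value": "0.9.5"`, both taken from the description. The vendor name is not stated anywhere in the record, so it would have to be confirmed before it is filled in.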