diff --git a/2001/0xxx/CVE-2001-0090.json b/2001/0xxx/CVE-2001-0090.json index 9c033fc0692..ff77238850a 100644 --- a/2001/0xxx/CVE-2001-0090.json +++ b/2001/0xxx/CVE-2001-0090.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the \"Browser Print Template\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-093", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093" - }, - { - "name" : "2046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2046" - }, - { - "name" : "ie-print-template(5614)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the \"Browser Print Template\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2046" + }, + { + "name": "ie-print-template(5614)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5614" + }, + { + "name": "MS00-093", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0108.json b/2001/0xxx/CVE-2001-0108.json index ac6af9db7a5..7a4e9d4f2e0 100644 --- a/2001/0xxx/CVE-2001-0108.json +++ b/2001/0xxx/CVE-2001-0108.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010112 PHP Security Advisory - Apache Module bugs", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97957961212852" - }, - { - "name" : "MDKSA-2001:013", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3" - }, - { - "name" : "CLA-2001:373", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373" - }, - { - "name" : "DSA-020", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-020" - }, - { - "name" : "RHSA-2000:136", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-136.html" - }, - { - "name" : "php-htaccess-unauth-access(5940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5940" - }, - { - "name" : "2206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-020", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-020" + }, + { + "name": "MDKSA-2001:013", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3" + }, + { + "name": "php-htaccess-unauth-access(5940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5940" + }, + { + "name": "CLA-2001:373", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373" + }, + { + "name": "2206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2206" + }, + { + "name": "20010112 PHP Security Advisory - Apache Module bugs", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97957961212852" + }, + { + "name": "RHSA-2000:136", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-136.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0191.json b/2001/0xxx/CVE-2001-0191.json index dd5c1423204..31ad0f33d2d 100644 --- a/2001/0xxx/CVE-2001-0191.json +++ b/2001/0xxx/CVE-2001-0191.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010202 Remote vulnerability in gnuserv/XEmacs", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html" - }, - { - "name" : "RHSA-2001:010", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-010.html" - }, - { - "name" : "RHSA-2001:011", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-011.html" - }, - { - "name" : "MDKSA-2001:019", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3" - }, - { - "name" : "gnuserv-tcp-cookie-overflow(6056)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2001:011", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-011.html" + }, + { + "name": "RHSA-2001:010", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-010.html" + }, + { + "name": "MDKSA-2001:019", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3" + }, + { + "name": "gnuserv-tcp-cookie-overflow(6056)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6056" + }, + { + "name": "20010202 Remote vulnerability in gnuserv/XEmacs", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0315.json b/2001/0xxx/CVE-2001-0315.json index cee8bc03d76..d85aaadb1e9 100644 --- a/2001/0xxx/CVE-2001-0315.json +++ b/2001/0xxx/CVE-2001-0315.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010125 mIRC allows password protection to be bypassed", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98053777917287&w=2" - }, - { - "name" : "mirc-bypass-password(6013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010125 mIRC allows password protection to be bypassed", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98053777917287&w=2" + }, + { + "name": "mirc-bypass-password(6013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6013" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0392.json b/2001/0xxx/CVE-2001-0392.json index 200c2044be6..9c09f3e5f28 100644 --- a/2001/0xxx/CVE-2001-0392.json +++ b/2001/0xxx/CVE-2001-0392.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010403 def-2001-17: Navision Financials Server DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98633100728473&w=2" - }, - { - "name" : "2539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010403 def-2001-17: Navision Financials Server DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98633100728473&w=2" + }, + { + "name": "2539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2539" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0649.json b/2001/0xxx/CVE-2001-0649.json index b72cf6b2e87..8cb1199d7d1 100644 --- a/2001/0xxx/CVE-2001-0649.json +++ b/2001/0xxx/CVE-2001-0649.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010510 Personal Web Sharing remote stop", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/184548" - }, - { - "name" : "macos-web-sharing-dos(6536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010510 Personal Web Sharing remote stop", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/184548" + }, + { + "name": "macos-web-sharing-dos(6536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6536" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0879.json b/2001/0xxx/CVE-2001-0879.json index dce63b1fd3a..a99d8d276fd 100644 --- a/2001/0xxx/CVE-2001-0879.json +++ b/2001/0xxx/CVE-2001-0879.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A122001-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2001/a122001-1.txt" - }, - { - "name" : "20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100891252317406&w=2" - }, - { - "name" : "MS01-060", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060" - }, - { - "name" : "mssql-c-runtime-format-string(7725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7725" - }, - { - "name" : "3732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3732" - }, - { - "name" : "oval:org.mitre.oval:def:253", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100891252317406&w=2" + }, + { + "name": "MS01-060", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060" + }, + { + "name": "A122001-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2001/a122001-1.txt" + }, + { + "name": "3732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3732" + }, + { + "name": "oval:org.mitre.oval:def:253", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A253" + }, + { + "name": "mssql-c-runtime-format-string(7725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7725" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0898.json b/2001/0xxx/CVE-2001-0898.json index 6983e6696af..24c599f07a4 100644 --- a/2001/0xxx/CVE-2001-0898.json +++ b/2001/0xxx/CVE-2001-0898.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011115 Several javascript vulnerabilities in Opera", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100586079932284&w=2" - }, - { - "name" : "20011116 Re: Several javascript vulnerabilities in Opera", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100588139312696&w=2" - }, - { - "name" : "3553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3553" - }, - { - "name" : "opera-java-cross-site(7567)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7567.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3553" + }, + { + "name": "opera-java-cross-site(7567)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7567.php" + }, + { + "name": "20011116 Re: Several javascript vulnerabilities in Opera", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100588139312696&w=2" + }, + { + "name": "20011115 Several javascript vulnerabilities in Opera", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100586079932284&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2073.json b/2006/2xxx/CVE-2006-2073.json index 991daddd405..543348d4a23 100644 --- a/2006/2xxx/CVE-2006-2073.json +++ b/2006/2xxx/CVE-2006-2073.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a \"broken\" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en" - }, - { - "name" : "VU#955777", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/955777" - }, - { - "name" : "17692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17692" - }, - { - "name" : "ADV-2006-1505", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1505" - }, - { - "name" : "ADV-2006-1537", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1537" - }, - { - "name" : "19808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19808" - }, - { - "name" : "1015993", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015993" - }, - { - "name" : "dns-improper-request-handling(26081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a \"broken\" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dns-improper-request-handling(26081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081" + }, + { + "name": "ADV-2006-1537", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1537" + }, + { + "name": "VU#955777", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/955777" + }, + { + "name": "19808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19808" + }, + { + "name": "17692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17692" + }, + { + "name": "ADV-2006-1505", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1505" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en" + }, + { + "name": "1015993", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015993" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2645.json b/2006/2xxx/CVE-2006-2645.json index af1c829079b..d947488111d 100644 --- a/2006/2xxx/CVE-2006-2645.json +++ b/2006/2xxx/CVE-2006-2645.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060526 Plume CMS Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435130/100/0/threaded" - }, - { - "name" : "ADV-2006-2014", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2014" - }, - { - "name" : "1016165", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016165" - }, - { - "name" : "20310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20310" - }, - { - "name" : "975", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/975" - }, - { - "name" : "plumecms-prepend-file-include(24697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697" - }, - { - "name" : "plumecms-frontinc-prepend-file-include(27699)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20310" + }, + { + "name": "975", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/975" + }, + { + "name": "plumecms-prepend-file-include(24697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697" + }, + { + "name": "plumecms-frontinc-prepend-file-include(27699)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699" + }, + { + "name": "20060526 Plume CMS Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435130/100/0/threaded" + }, + { + "name": "ADV-2006-2014", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2014" + }, + { + "name": "1016165", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016165" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1262.json b/2008/1xxx/CVE-2008-1262.json index a17d98cb2a3..85ee33081eb 100644 --- a/2008/1xxx/CVE-2008-1262.json +++ b/2008/1xxx/CVE-2008-1262.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "http://airspan4wimax.googlepages.com/", - "refsource" : "MISC", - "url" : "http://airspan4wimax.googlepages.com/" - }, - { - "name" : "http://www.0x000000.com/?i=524", - "refsource" : "MISC", - "url" : "http://www.0x000000.com/?i=524" - }, - { - "name" : "http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=29820", - "refsource" : "CONFIRM", - "url" : "http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=29820" - }, - { - "name" : "VU#248372", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/248372" - }, - { - "name" : "28122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28122" - }, - { - "name" : "ADV-2008-0802", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0802/references" - }, - { - "name" : "29265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29265" - }, - { - "name" : "wimaxprost-webinterface-security-bypass(41052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "28122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28122" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + }, + { + "name": "wimaxprost-webinterface-security-bypass(41052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41052" + }, + { + "name": "VU#248372", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/248372" + }, + { + "name": "http://www.0x000000.com/?i=524", + "refsource": "MISC", + "url": "http://www.0x000000.com/?i=524" + }, + { + "name": "ADV-2008-0802", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0802/references" + }, + { + "name": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=29820", + "refsource": "CONFIRM", + "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=29820" + }, + { + "name": "http://airspan4wimax.googlepages.com/", + "refsource": "MISC", + "url": "http://airspan4wimax.googlepages.com/" + }, + { + "name": "29265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29265" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5026.json b/2008/5xxx/CVE-2008-5026.json index d476711d73d..7b3cb9cee8e 100644 --- a/2008/5xxx/CVE-2008-5026.json +++ b/2008/5xxx/CVE-2008-5026.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081106 Re: [WEB SECURITY] countermeasure against attacks through HTML shared files", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-11/0055.html" - }, - { - "name" : "20081106 Re: [WEB SECURITY] countermeasure against attacks through HTML shared files", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-11/0058.html" - }, - { - "name" : "20081106 countermeasure against attacks through HTML shared files", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-11/0056.html" - }, - { - "name" : "http://www.pomcor.com/whitepapers/file_sharing_security.pdf", - "refsource" : "MISC", - "url" : "http://www.pomcor.com/whitepapers/file_sharing_security.pdf" - }, - { - "name" : "sharepoint-htmldocument-xss(46590)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081106 countermeasure against attacks through HTML shared files", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0056.html" + }, + { + "name": "sharepoint-htmldocument-xss(46590)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46590" + }, + { + "name": "20081106 Re: [WEB SECURITY] countermeasure against attacks through HTML shared files", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0055.html" + }, + { + "name": "http://www.pomcor.com/whitepapers/file_sharing_security.pdf", + "refsource": "MISC", + "url": "http://www.pomcor.com/whitepapers/file_sharing_security.pdf" + }, + { + "name": "20081106 Re: [WEB SECURITY] countermeasure against attacks through HTML shared files", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-11/0058.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5099.json b/2008/5xxx/CVE-2008-5099.json index 0f0b58bcde0..7e666a97c9e 100644 --- a/2008/5xxx/CVE-2008-5099.json +++ b/2008/5xxx/CVE-2008-5099.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the \"ldm ls -l\" command, a different vulnerability than CVE-2008-4992." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm" - }, - { - "name" : "243606", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243606-1" - }, - { - "name" : "32286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32286" - }, - { - "name" : "ADV-2008-3154", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3154" - }, - { - "name" : "1021224", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021224" - }, - { - "name" : "32674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32674" - }, - { - "name" : "sun-ldoms-auth-bypass(46594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the \"ldm ls -l\" command, a different vulnerability than CVE-2008-4992." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-460.htm" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139395-02-1" + }, + { + "name": "1021224", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021224" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139397-02-1" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139398-01-1" + }, + { + "name": "243606", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243606-1" + }, + { + "name": "32674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32674" + }, + { + "name": "ADV-2008-3154", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3154" + }, + { + "name": "32286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32286" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139396-02-1" + }, + { + "name": "sun-ldoms-auth-bypass(46594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46594" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5264.json b/2008/5xxx/CVE-2008-5264.json index 3f90baaca65..764722ca70a 100644 --- a/2008/5xxx/CVE-2008-5264.json +++ b/2008/5xxx/CVE-2008-5264.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080610 [web-app] Tornado Knowledge Retrieval System <= 4.2 Remote XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493217/100/0/threaded" - }, - { - "name" : "29626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29626" - }, - { - "name" : "30623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30623" - }, - { - "name" : "4655", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4655" - }, - { - "name" : "krs-searcher-xss(42963)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "krs-searcher-xss(42963)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42963" + }, + { + "name": "29626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29626" + }, + { + "name": "20080610 [web-app] Tornado Knowledge Retrieval System <= 4.2 Remote XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493217/100/0/threaded" + }, + { + "name": "4655", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4655" + }, + { + "name": "30623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30623" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5805.json b/2008/5xxx/CVE-2008-5805.json index 7b1ee2665e3..5ad8194824c 100644 --- a/2008/5xxx/CVE-2008-5805.json +++ b/2008/5xxx/CVE-2008-5805.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7047", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7047" - }, - { - "name" : "32161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32161" - }, - { - "name" : "32191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32191" - }, - { - "name" : "ADV-2008-3079", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3079" - }, - { - "name" : "phpclassifieds-login-detail-sql-injection(46428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32161" + }, + { + "name": "phpclassifieds-login-detail-sql-injection(46428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46428" + }, + { + "name": "32191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32191" + }, + { + "name": "7047", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7047" + }, + { + "name": "ADV-2008-3079", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3079" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5903.json b/2008/5xxx/CVE-2008-5903.json index 3d0d78f7321..61665164530 100644 --- a/2008/5xxx/CVE-2008-5903.json +++ b/2008/5xxx/CVE-2008-5903.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090112 CVE request: xrdp", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/01/12/3" - }, - { - "name" : "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf" - }, - { - "name" : "SUSE-SR:2009:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" - }, - { - "name" : "33371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33371" - }, - { - "name" : "xrdp-xrdpbitmapdefproc-code-execution(48093)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2009:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" + }, + { + "name": "33371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33371" + }, + { + "name": "xrdp-xrdpbitmapdefproc-code-execution(48093)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48093" + }, + { + "name": "[oss-security] 20090112 CVE request: xrdp", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/01/12/3" + }, + { + "name": "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5984.json b/2008/5xxx/CVE-2008-5984.json index 9406b21c871..0dc501a8bc1 100644 --- a/2008/5xxx/CVE-2008-5984.json +++ b/2008/5xxx/CVE-2008-5984.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/01/26/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504251", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504251" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=481551", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=481551" - }, - { - "name" : "FEDORA-2009-1057", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01065.html" - }, - { - "name" : "MDVSA-2009:040", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:040" - }, - { - "name" : "MDVSA-2009:046", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:046" - }, - { - "name" : "33448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33448" - }, - { - "name" : "33672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33672" - }, - { - "name" : "33703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33703" - }, - { - "name" : "dia-pysyssetargv-privilege-escalation(48262)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-1057", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01065.html" + }, + { + "name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2" + }, + { + "name": "MDVSA-2009:046", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:046" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504251", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504251" + }, + { + "name": "MDVSA-2009:040", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:040" + }, + { + "name": "33448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33448" + }, + { + "name": "33672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33672" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=481551", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481551" + }, + { + "name": "33703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33703" + }, + { + "name": "dia-pysyssetargv-privilege-escalation(48262)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48262" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2014.json b/2011/2xxx/CVE-2011-2014.json index 0d996841a19..379e69c9a5d 100644 --- a/2011/2xxx/CVE-2011-2014.json +++ b/2011/2xxx/CVE-2011-2014.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka \"LDAPS Authentication Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-2014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-086", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-086" - }, - { - "name" : "oval:org.mitre.oval:def:13278", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13278" - }, - { - "name" : "1026294", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka \"LDAPS Authentication Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-086", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-086" + }, + { + "name": "oval:org.mitre.oval:def:13278", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13278" + }, + { + "name": "1026294", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026294" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2641.json b/2011/2xxx/CVE-2011-2641.json index f462131160b..2a9a12ba90a 100644 --- a/2011/2xxx/CVE-2011-2641.json +++ b/2011/2xxx/CVE-2011-2641.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17396", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17396", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17396" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2699.json b/2011/2xxx/CVE-2011-2699.json index ec20c09795b..a925de3e0e9 100644 --- a/2011/2xxx/CVE-2011-2699.json +++ b/2011/2xxx/CVE-2011-2699.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110720 Re: CVE request: kernel: ipv6: make fragment identifications less predictable", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/20/5" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87c48fa3b4630905f98268dde838ee43626a060c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87c48fa3b4630905f98268dde838ee43626a060c" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=723429", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=723429" - }, - { - "name" : "https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1027274", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027274", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027274" + }, + { + "name": "https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c" + }, + { + "name": "[oss-security] 20110720 Re: CVE request: kernel: ipv6: make fragment identifications less predictable", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/20/5" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87c48fa3b4630905f98268dde838ee43626a060c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87c48fa3b4630905f98268dde838ee43626a060c" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=723429", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=723429" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2881.json b/2011/2xxx/CVE-2011-2881.json index 79c96b909bd..9e1cb3505dc 100644 --- a/2011/2xxx/CVE-2011-2881.json +++ b/2011/2xxx/CVE-2011-2881.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=97784", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=97784" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14075", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14075", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14075" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=97784", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=97784" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3959.json b/2011/3xxx/CVE-2011-3959.json index ed6d918bb44..609ff53a325 100644 --- a/2011/3xxx/CVE-2011-3959.json +++ b/2011/3xxx/CVE-2011-3959.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=106441", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=106441" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14235", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=106441", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=106441" + }, + { + "name": "oval:org.mitre.oval:def:14235", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14235" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0185.json b/2013/0xxx/CVE-2013-0185.json index 9589665d369..373a98f285a 100644 --- a/2013/0xxx/CVE-2013-0185.json +++ b/2013/0xxx/CVE-2013-0185.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=895345", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=895345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=895345", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=895345" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0192.json b/2013/0xxx/CVE-2013-0192.json index 7a4df1c62a1..30eb3bc8403 100644 --- a/2013/0xxx/CVE-2013-0192.json +++ b/2013/0xxx/CVE-2013-0192.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0192", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0192", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0410.json b/2013/0xxx/CVE-2013-0410.json index 6c7bb247be9..a6073685601 100644 --- a/2013/0xxx/CVE-2013-0410.json +++ b/2013/0xxx/CVE-2013-0410.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Base Component - Common Objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Base Component - Common Objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0535.json b/2013/0xxx/CVE-2013-0535.json index f8f24ca1835..ff4275964ab 100644 --- a/2013/0xxx/CVE-2013-0535.json +++ b/2013/0xxx/CVE-2013-0535.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635185", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635185" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635545", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635545" - }, - { - "name" : "sametime-meeting-multiple-xss(82657)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sametime-meeting-multiple-xss(82657)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82657" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21635185", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635185" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21635545", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635545" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0654.json b/2013/0xxx/CVE-2013-0654.json index ceefe2fdb6b..d1685d7f797 100644 --- a/2013/0xxx/CVE-2013-0654.json +++ b/2013/0xxx/CVE-2013-0654.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-0654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1581.json b/2013/1xxx/CVE-2013-1581.json index 880819cc269..bf56349f9b1 100644 --- a/2013/1xxx/CVE-2013-1581.json +++ b/2013/1xxx/CVE-2013-1581.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=47123&r2=47122&pathrev=47123", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=47123&r2=47122&pathrev=47123" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47123", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47123" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2013-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2013-01.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8222", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8222" - }, - { - "name" : "openSUSE-SU-2013:0276", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html" - }, - { - "name" : "openSUSE-SU-2013:0285", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html" - }, - { - "name" : "oval:org.mitre.oval:def:16370", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2013-01.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2013-01.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47123", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47123" + }, + { + "name": "oval:org.mitre.oval:def:16370", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16370" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=47123&r2=47122&pathrev=47123", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=47123&r2=47122&pathrev=47123" + }, + { + "name": "openSUSE-SU-2013:0285", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html" + }, + { + "name": "openSUSE-SU-2013:0276", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8222", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8222" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1599.json b/2013/1xxx/CVE-2013-1599.json index 827b468cda6..d8a496be2f8 100644 --- a/2013/1xxx/CVE-2013-1599.json +++ b/2013/1xxx/CVE-2013-1599.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1599", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1599", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1749.json b/2013/1xxx/CVE-2013-1749.json index 6adc3b62c75..1efc465add1 100644 --- a/2013/1xxx/CVE-2013-1749.json +++ b/2013/1xxx/CVE-2013-1749.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/04/17/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/04/17/2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1816.json b/2013/1xxx/CVE-2013-1816.json index 5e85658026c..a1f80b02838 100644 --- a/2013/1xxx/CVE-2013-1816.json +++ b/2013/1xxx/CVE-2013-1816.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1816", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1816", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1980.json b/2013/1xxx/CVE-2013-1980.json index 7f71168df60..ac967b55dc4 100644 --- a/2013/1xxx/CVE-2013-1980.json +++ b/2013/1xxx/CVE-2013-1980.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130422 Re: CVE request: libxmp MASI Parsing Buffer Overflow Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/22/12" - }, - { - "name" : "http://sourceforge.net/p/xmp/libxmp/ci/a015fdfb478a60172fd225632a11bbd02870fc40", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/xmp/libxmp/ci/a015fdfb478a60172fd225632a11bbd02870fc40" - }, - { - "name" : "http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=954658", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=954658" - }, - { - "name" : "https://build.opensuse.org/request/show/174356", - "refsource" : "CONFIRM", - "url" : "https://build.opensuse.org/request/show/174356" - }, - { - "name" : "59355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59355" - }, - { - "name" : "53114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view" + }, + { + "name": "[oss-security] 20130422 Re: CVE request: libxmp MASI Parsing Buffer Overflow Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/22/12" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=954658", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=954658" + }, + { + "name": "http://sourceforge.net/p/xmp/libxmp/ci/a015fdfb478a60172fd225632a11bbd02870fc40", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/xmp/libxmp/ci/a015fdfb478a60172fd225632a11bbd02870fc40" + }, + { + "name": "https://build.opensuse.org/request/show/174356", + "refsource": "CONFIRM", + "url": "https://build.opensuse.org/request/show/174356" + }, + { + "name": "53114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53114" + }, + { + "name": "59355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59355" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4100.json b/2013/4xxx/CVE-2013-4100.json index f1d29f15be2..e29cbfaf1ef 100644 --- a/2013/4xxx/CVE-2013-4100.json +++ b/2013/4xxx/CVE-2013-4100.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4100", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4100", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4217.json b/2013/4xxx/CVE-2013-4217.json index 822a059b454..83323a06109 100644 --- a/2013/4xxx/CVE-2013-4217.json +++ b/2013/4xxx/CVE-2013-4217.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130808 Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/08/08/17" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=911121", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=911121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=911121", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911121" + }, + { + "name": "[oss-security] 20130808 Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/08/08/17" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4453.json b/2013/4xxx/CVE-2013-4453.json index b8aafbf4c47..268ccdb425e 100644 --- a/2013/4xxx/CVE-2013-4453.json +++ b/2013/4xxx/CVE-2013-4453.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131021 Re: CVE Request: LDAP Account Manager XSS in login.php", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/149" - }, - { - "name" : "http://www.rusty-ice.de/advisory/advisory_2013001.txt", - "refsource" : "MISC", - "url" : "http://www.rusty-ice.de/advisory/advisory_2013001.txt" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726976", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726976" - }, - { - "name" : "http://sourceforge.net/p/lam/bugs/156", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/lam/bugs/156" - }, - { - "name" : "98828", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98828" - }, - { - "name" : "55413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55413" - }, - { - "name" : "ldapaccountmanager-cve20134453-login-xss(88203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131021 Re: CVE Request: LDAP Account Manager XSS in login.php", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/149" + }, + { + "name": "98828", + "refsource": "OSVDB", + "url": "http://osvdb.org/98828" + }, + { + "name": "55413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55413" + }, + { + "name": "http://www.rusty-ice.de/advisory/advisory_2013001.txt", + "refsource": "MISC", + "url": "http://www.rusty-ice.de/advisory/advisory_2013001.txt" + }, + { + "name": "http://sourceforge.net/p/lam/bugs/156", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/lam/bugs/156" + }, + { + "name": "ldapaccountmanager-cve20134453-login-xss(88203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88203" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726976", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726976" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4762.json b/2013/4xxx/CVE-2013-4762.json index 8a3c17faa35..1955b3bdd40 100644 --- a/2013/4xxx/CVE-2013-4762.json +++ b/2013/4xxx/CVE-2013-4762.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://puppetlabs.com/security/cve/cve-2013-4762/", - "refsource" : "CONFIRM", - "url" : "http://puppetlabs.com/security/cve/cve-2013-4762/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://puppetlabs.com/security/cve/cve-2013-4762/", + "refsource": "CONFIRM", + "url": "http://puppetlabs.com/security/cve/cve-2013-4762/" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5096.json b/2013/5xxx/CVE-2013-5096.json index 5dd99bfe3fd..95f38f3dfe7 100644 --- a/2013/5xxx/CVE-2013-5096.json +++ b/2013/5xxx/CVE-2013-5096.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/JSA10585", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/JSA10585" - }, - { - "name" : "61794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61794" - }, - { - "name" : "1028923", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61794" + }, + { + "name": "http://kb.juniper.net/JSA10585", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/JSA10585" + }, + { + "name": "1028923", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028923" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5202.json b/2013/5xxx/CVE-2013-5202.json index a5c91ed90f3..52a788097af 100644 --- a/2013/5xxx/CVE-2013-5202.json +++ b/2013/5xxx/CVE-2013-5202.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5202", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5441.json b/2013/5xxx/CVE-2013-5441.json index 9455607ffea..4de2a8a8671 100644 --- a/2013/5xxx/CVE-2013-5441.json +++ b/2013/5xxx/CVE-2013-5441.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5441", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5441", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000017.json b/2017/1000xxx/CVE-2017-1000017.json index c65b9661581..4d9164987ca 100644 --- a/2017/1000xxx/CVE-2017-1000017.json +++ b/2017/1000xxx/CVE-2017-1000017.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.268738", - "ID" : "CVE-2017-1000017", - "REQUESTER" : "security@phpmyadmin.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "phpMyAdmin", - "version" : { - "version_data" : [ - { - "version_value" : "All 4.6.x versions (prior to 4.6.6), 4.4.x versions (prior to 4.4.15.10), and 4.0.x versions (prior to 4.0.10.19) are affected." - } - ] - } - } - ] - }, - "vendor_name" : "phpMyAdmin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote server access" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.268738", + "ID": "CVE-2017-1000017", + "REQUESTER": "security@phpmyadmin.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2017-6", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2017-6" - }, - { - "name" : "95732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.phpmyadmin.net/security/PMASA-2017-6", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2017-6" + }, + { + "name": "95732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95732" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000222.json b/2017/1000xxx/CVE-2017-1000222.json index a412a83231a..1aa0c28a117 100644 --- a/2017/1000xxx/CVE-2017-1000222.json +++ b/2017/1000xxx/CVE-2017-1000222.json @@ -1,21 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.451861", - "ID" : "CVE-2017-1000222", - "REQUESTER" : "i.rithwik@protonmail.com", - "STATE" : "REJECT", - "STATE_DETAIL" : "BAD_REF_URL" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1000222", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12056.json b/2017/12xxx/CVE-2017-12056.json index 61fa91e7db4..78f001422bc 100644 --- a/2017/12xxx/CVE-2017-12056.json +++ b/2017/12xxx/CVE-2017-12056.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12342.json b/2017/12xxx/CVE-2017-12342.json index f3d0bddb483..6428aa6ab9f 100644 --- a/2017/12xxx/CVE-2017-12342.json +++ b/2017/12xxx/CVE-2017-12342.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Nexus Series Switches", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Nexus Series Switches" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature. An attacker could exploit this vulnerability by crafting specific packets for communication on the device-internal network. A successful exploit could allow the attacker to run code on the underlying host operating system. OAC is not enabled by default. For a device to be vulnerable, an administrator would need to install and activate this feature. This vulnerability affects the following Cisco Nexus Series Switches: Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. Cisco Bug IDs: CSCve53542, CSCvf36621." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Nexus Series Switches", + "version": { + "version_data": [ + { + "version_value": "Cisco Nexus Series Switches" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos9", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos9" - }, - { - "name" : "102027", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102027" - }, - { - "name" : "1039940", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature. An attacker could exploit this vulnerability by crafting specific packets for communication on the device-internal network. A successful exploit could allow the attacker to run code on the underlying host operating system. OAC is not enabled by default. For a device to be vulnerable, an administrator would need to install and activate this feature. This vulnerability affects the following Cisco Nexus Series Switches: Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. Cisco Bug IDs: CSCve53542, CSCvf36621." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos9", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos9" + }, + { + "name": "102027", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102027" + }, + { + "name": "1039940", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039940" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12474.json b/2017/12xxx/CVE-2017-12474.json index 127d47f9391..111b9e7b108 100644 --- a/2017/12xxx/CVE-2017-12474.json +++ b/2017/12xxx/CVE-2017-12474.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drive.google.com/open?id=0B6wBkDmxMGMKUjNscThnbTlSZ2s", - "refsource" : "MISC", - "url" : "https://drive.google.com/open?id=0B6wBkDmxMGMKUjNscThnbTlSZ2s" - }, - { - "name" : "https://drive.google.com/open?id=0B9DojFnTUSNGZ1JfNUc1am9pcnc", - "refsource" : "MISC", - "url" : "https://drive.google.com/open?id=0B9DojFnTUSNGZ1JfNUc1am9pcnc" - }, - { - "name" : "https://github.com/axiomatic-systems/Bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drive.google.com/open?id=0B6wBkDmxMGMKUjNscThnbTlSZ2s", + "refsource": "MISC", + "url": "https://drive.google.com/open?id=0B6wBkDmxMGMKUjNscThnbTlSZ2s" + }, + { + "name": "https://github.com/axiomatic-systems/Bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/commit/4d3f0bebd5f8518fd775f671c12bea58c68e814e" + }, + { + "name": "https://drive.google.com/open?id=0B9DojFnTUSNGZ1JfNUc1am9pcnc", + "refsource": "MISC", + "url": "https://drive.google.com/open?id=0B9DojFnTUSNGZ1JfNUc1am9pcnc" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13296.json b/2017/13xxx/CVE-2017-13296.json index d212e078735..56e43548e5b 100644 --- a/2017/13xxx/CVE-2017-13296.json +++ b/2017/13xxx/CVE-2017-13296.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-13296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-13296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16354.json b/2017/16xxx/CVE-2017-16354.json index 578edcd06b0..409bc0cb810 100644 --- a/2017/16xxx/CVE-2017-16354.json +++ b/2017/16xxx/CVE-2017-16354.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16354", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16354", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16372.json b/2017/16xxx/CVE-2017-16372.json index 2216208d209..35e1dd12248 100644 --- a/2017/16xxx/CVE-2017-16372.json +++ b/2017/16xxx/CVE-2017-16372.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in way that the computation results with pointer to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result with sensitive data exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted Pointer Dereference" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "101813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101813" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in way that the computation results with pointer to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result with sensitive data exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "101813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101813" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16771.json b/2017/16xxx/CVE-2017-16771.json index 95f30821cbf..8228216a482 100644 --- a/2017/16xxx/CVE-2017-16771.json +++ b/2017/16xxx/CVE-2017-16771.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2018-03-22T00:00:00", - "ID" : "CVE-2017-16771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Photo Station", - "version" : { - "version_data" : [ - { - "version_value" : "before 6.8.3-3463" - }, - { - "version_value" : "before 6.3-2971" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Input During Web Page Generation (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2018-03-22T00:00:00", + "ID": "CVE-2017-16771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photo Station", + "version": { + "version_data": [ + { + "version_value": "before 6.8.3-3463" + }, + { + "version_value": "before 6.3-2971" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_18_02", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_18_02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_18_02", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_18_02" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4290.json b/2017/4xxx/CVE-2017-4290.json index 89d1278c35a..77b6bc2b10b 100644 --- a/2017/4xxx/CVE-2017-4290.json +++ b/2017/4xxx/CVE-2017-4290.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4290", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4290", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4630.json b/2017/4xxx/CVE-2017-4630.json index 0ec521f48b8..17fcb0a669b 100644 --- a/2017/4xxx/CVE-2017-4630.json +++ b/2017/4xxx/CVE-2017-4630.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4630", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4630", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4946.json b/2017/4xxx/CVE-2017-4946.json index 67d2dfaf5b6..9b747c3e864 100644 --- a/2017/4xxx/CVE-2017-4946.json +++ b/2017/4xxx/CVE-2017-4946.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2018-01-04T00:00:00", - "ID" : "CVE-2017-4946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "vRealize Operations for Horizon (V4H)", - "version" : { - "version_data" : [ - { - "version_value" : "6.x before 6.5.1" - } - ] - } - }, - { - "product_name" : "vRealize Operations for Published Applications (V4PA)", - "version" : { - "version_data" : [ - { - "version_value" : "6.x before 6.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2018-01-04T00:00:00", + "ID": "CVE-2017-4946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vRealize Operations for Horizon (V4H)", + "version": { + "version_data": [ + { + "version_value": "6.x before 6.5.1" + } + ] + } + }, + { + "product_name": "vRealize Operations for Published Applications (V4PA)", + "version": { + "version_data": [ + { + "version_value": "6.x before 6.5.1" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/", - "refsource" : "MISC", - "url" : "http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/" - }, - { - "name" : "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html" - }, - { - "name" : "102441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102441" - }, - { - "name" : "1040136", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/", + "refsource": "MISC", + "url": "http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/" + }, + { + "name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html" + }, + { + "name": "102441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102441" + }, + { + "name": "1040136", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040136" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18142.json b/2018/18xxx/CVE-2018-18142.json index 8e714c43d4f..f343e20fe95 100644 --- a/2018/18xxx/CVE-2018-18142.json +++ b/2018/18xxx/CVE-2018-18142.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18142", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18142", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18692.json b/2018/18xxx/CVE-2018-18692.json index 0aaa0dc6ab8..3250caddf7d 100644 --- a/2018/18xxx/CVE-2018-18692.json +++ b/2018/18xxx/CVE-2018-18692.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://atomic111.github.io/article/semcosoft-cross-site-scripting", - "refsource" : "MISC", - "url" : "https://atomic111.github.io/article/semcosoft-cross-site-scripting" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://atomic111.github.io/article/semcosoft-cross-site-scripting", + "refsource": "MISC", + "url": "https://atomic111.github.io/article/semcosoft-cross-site-scripting" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18873.json b/2018/18xxx/CVE-2018-18873.json index 091f2503122..37d9930eada 100644 --- a/2018/18xxx/CVE-2018-18873.json +++ b/2018/18xxx/CVE-2018-18873.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html" - }, - { - "name" : "https://github.com/mdadams/jasper/issues/184", - "refsource" : "MISC", - "url" : "https://github.com/mdadams/jasper/issues/184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html" + }, + { + "name": "https://github.com/mdadams/jasper/issues/184", + "refsource": "MISC", + "url": "https://github.com/mdadams/jasper/issues/184" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18921.json b/2018/18xxx/CVE-2018-18921.json index 9967957d078..0623d3784c3 100644 --- a/2018/18xxx/CVE-2018-18921.json +++ b/2018/18xxx/CVE-2018-18921.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/bugbountywriteup/cve-2018-18921-php-server-monitor-3-3-1-cross-site-request-forgery-a73e8dae563", - "refsource" : "MISC", - "url" : "https://medium.com/bugbountywriteup/cve-2018-18921-php-server-monitor-3-3-1-cross-site-request-forgery-a73e8dae563" - }, - { - "name" : "https://github.com/phpservermon/phpservermon/issues/670", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpservermon/phpservermon/issues/670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/bugbountywriteup/cve-2018-18921-php-server-monitor-3-3-1-cross-site-request-forgery-a73e8dae563", + "refsource": "MISC", + "url": "https://medium.com/bugbountywriteup/cve-2018-18921-php-server-monitor-3-3-1-cross-site-request-forgery-a73e8dae563" + }, + { + "name": "https://github.com/phpservermon/phpservermon/issues/670", + "refsource": "CONFIRM", + "url": "https://github.com/phpservermon/phpservermon/issues/670" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5014.json b/2018/5xxx/CVE-2018-5014.json index c286645ebc7..42fb3b07652 100644 --- a/2018/5xxx/CVE-2018-5014.json +++ b/2018/5xxx/CVE-2018-5014.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5078.json b/2018/5xxx/CVE-2018-5078.json index 8648692591b..09061478cef 100644 --- a/2018/5xxx/CVE-2018-5078.json +++ b/2018/5xxx/CVE-2018-5078.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Online Ticket Booking has XSS via the admin/eventlist.php cast parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Online Ticket Booking has XSS via the admin/eventlist.php cast parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5102.json b/2018/5xxx/CVE-2018-5102.json index c6b41180b39..f379e6cb455 100644 --- a/2018/5xxx/CVE-2018-5102.json +++ b/2018/5xxx/CVE-2018-5102.json @@ -1,145 +1,145 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.6" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.6" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "58" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free in HTML media elements" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.6" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.6" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "58" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html" - }, - { - "name" : "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1419363", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1419363" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-03/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-03/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-04/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-04/" - }, - { - "name" : "DSA-4096", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4096" - }, - { - "name" : "DSA-4102", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4102" - }, - { - "name" : "RHSA-2018:0122", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0122" - }, - { - "name" : "RHSA-2018:0262", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0262" - }, - { - "name" : "USN-3544-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3544-1/" - }, - { - "name" : "102783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102783" - }, - { - "name" : "1040270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in HTML media elements" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-03/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/" + }, + { + "name": "1040270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040270" + }, + { + "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html" + }, + { + "name": "102783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102783" + }, + { + "name": "DSA-4096", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4096" + }, + { + "name": "RHSA-2018:0262", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0262" + }, + { + "name": "USN-3544-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3544-1/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-04/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/" + }, + { + "name": "RHSA-2018:0122", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0122" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" + }, + { + "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html" + }, + { + "name": "DSA-4102", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4102" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1419363", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1419363" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5208.json b/2018/5xxx/CVE-2018-5208.json index 4467d270ac7..b42f6596ef6 100644 --- a/2018/5xxx/CVE-2018-5208.json +++ b/2018/5xxx/CVE-2018-5208.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://irssi.org/security/irssi_sa_2018_01.txt", - "refsource" : "CONFIRM", - "url" : "https://irssi.org/security/irssi_sa_2018_01.txt" - }, - { - "name" : "DSA-4162", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4162", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4162" + }, + { + "name": "https://irssi.org/security/irssi_sa_2018_01.txt", + "refsource": "CONFIRM", + "url": "https://irssi.org/security/irssi_sa_2018_01.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5670.json b/2018/5xxx/CVE-2018-5670.json index f8443defc17..4306fb960ca 100644 --- a/2018/5xxx/CVE-2018-5670.json +++ b/2018/5xxx/CVE-2018-5670.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9012", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/9012", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9012" + }, + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5696.json b/2018/5xxx/CVE-2018-5696.json index 88da62d930a..07325da073b 100644 --- a/2018/5xxx/CVE-2018-5696.json +++ b/2018/5xxx/CVE-2018-5696.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=1927", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=1927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=1927", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=1927" + } + ] + } +} \ No newline at end of file