From cee690d5d0068a3c4c5682bdb3980be0f90b853d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:46:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0542.json | 180 ++++++++--------- 2001/0xxx/CVE-2001-0867.json | 160 +++++++-------- 2001/0xxx/CVE-2001-0933.json | 120 ++++++------ 2001/1xxx/CVE-2001-1522.json | 130 ++++++------- 2006/2xxx/CVE-2006-2706.json | 170 ++++++++-------- 2006/2xxx/CVE-2006-2960.json | 160 +++++++-------- 2008/5xxx/CVE-2008-5004.json | 140 +++++++------- 2008/5xxx/CVE-2008-5526.json | 150 +++++++-------- 2008/5xxx/CVE-2008-5549.json | 190 +++++++++--------- 2008/5xxx/CVE-2008-5605.json | 160 +++++++-------- 2011/2xxx/CVE-2011-2237.json | 130 ++++++------- 2011/2xxx/CVE-2011-2652.json | 160 +++++++-------- 2011/2xxx/CVE-2011-2673.json | 140 +++++++------- 2011/3xxx/CVE-2011-3031.json | 220 ++++++++++----------- 2011/3xxx/CVE-2011-3700.json | 140 +++++++------- 2011/3xxx/CVE-2011-3790.json | 140 +++++++------- 2011/3xxx/CVE-2011-3962.json | 140 +++++++------- 2013/0xxx/CVE-2013-0197.json | 170 ++++++++-------- 2013/0xxx/CVE-2013-0199.json | 160 +++++++-------- 2013/0xxx/CVE-2013-0298.json | 120 ++++++------ 2013/0xxx/CVE-2013-0933.json | 120 ++++++------ 2013/1xxx/CVE-2013-1091.json | 150 +++++++-------- 2013/1xxx/CVE-2013-1246.json | 120 ++++++------ 2013/1xxx/CVE-2013-1595.json | 34 ++-- 2013/1xxx/CVE-2013-1796.json | 300 ++++++++++++++--------------- 2013/4xxx/CVE-2013-4027.json | 160 +++++++-------- 2013/4xxx/CVE-2013-4341.json | 130 ++++++------- 2013/4xxx/CVE-2013-4535.json | 34 ++-- 2013/5xxx/CVE-2013-5034.json | 130 ++++++------- 2013/5xxx/CVE-2013-5477.json | 120 ++++++------ 2013/5xxx/CVE-2013-5657.json | 34 ++-- 2017/0xxx/CVE-2017-0934.json | 132 ++++++------- 2017/1000xxx/CVE-2017-1000121.json | 124 ++++++------ 2017/1000xxx/CVE-2017-1000201.json | 134 ++++++------- 2017/12xxx/CVE-2017-12090.json | 122 ++++++------ 2017/12xxx/CVE-2017-12148.json | 156 +++++++-------- 2017/13xxx/CVE-2017-13157.json | 168 ++++++++-------- 2017/13xxx/CVE-2017-13189.json | 156 +++++++-------- 2017/13xxx/CVE-2017-13459.json | 34 ++-- 2017/16xxx/CVE-2017-16152.json | 132 ++++++------- 2017/16xxx/CVE-2017-16306.json | 34 ++-- 2017/16xxx/CVE-2017-16411.json | 140 +++++++------- 2017/16xxx/CVE-2017-16766.json | 128 ++++++------ 2017/4xxx/CVE-2017-4065.json | 34 ++-- 2017/4xxx/CVE-2017-4322.json | 34 ++-- 2017/4xxx/CVE-2017-4406.json | 34 ++-- 2017/4xxx/CVE-2017-4612.json | 34 ++-- 2018/18xxx/CVE-2018-18053.json | 34 ++-- 2018/18xxx/CVE-2018-18332.json | 120 ++++++------ 2018/18xxx/CVE-2018-18335.json | 162 ++++++++-------- 2018/18xxx/CVE-2018-18372.json | 120 ++++++------ 2018/18xxx/CVE-2018-18654.json | 120 ++++++------ 2018/5xxx/CVE-2018-5253.json | 120 ++++++------ 2018/5xxx/CVE-2018-5258.json | 140 +++++++------- 2018/5xxx/CVE-2018-5458.json | 148 +++++++------- 2018/5xxx/CVE-2018-5914.json | 120 ++++++------ 56 files changed, 3546 insertions(+), 3546 deletions(-) diff --git a/2001/0xxx/CVE-2001-0542.json b/2001/0xxx/CVE-2001-0542.json index e0475e5c107..10bf867ae0b 100644 --- a/2001/0xxx/CVE-2001-0542.json +++ b/2001/0xxx/CVE-2001-0542.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A122001-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2001/a122001-1.txt" - }, - { - "name" : "20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100891252317406&w=2" - }, - { - "name" : "MS01-060", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060" - }, - { - "name" : "VU#700575", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/700575" - }, - { - "name" : "3733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3733" - }, - { - "name" : "oval:org.mitre.oval:def:83", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83" - }, - { - "name" : "mssql-text-message-bo(7724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mssql-text-message-bo(7724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7724" + }, + { + "name": "20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100891252317406&w=2" + }, + { + "name": "3733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3733" + }, + { + "name": "VU#700575", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/700575" + }, + { + "name": "MS01-060", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060" + }, + { + "name": "oval:org.mitre.oval:def:83", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83" + }, + { + "name": "A122001-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2001/a122001-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0867.json b/2001/0xxx/CVE-2001-0867.json index d3ab3b96baa..3fb810447d5 100644 --- a/2001/0xxx/CVE-2001-0867.json +++ b/2001/0xxx/CVE-2001-0867.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the \"fragment\" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml" - }, - { - "name" : "M-018", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-018.shtml" - }, - { - "name" : "cisco-acl-fragment-bypass(7555)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7555" - }, - { - "name" : "3538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3538" - }, - { - "name" : "1989", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the \"fragment\" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "M-018", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-018.shtml" + }, + { + "name": "20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml" + }, + { + "name": "3538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3538" + }, + { + "name": "1989", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1989" + }, + { + "name": "cisco-acl-fragment-bypass(7555)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7555" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0933.json b/2001/0xxx/CVE-2001-0933.json index 42daf97ee04..c173606ca9b 100644 --- a/2001/0xxx/CVE-2001-0933.json +++ b/2001/0xxx/CVE-2001-0933.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. \"ls C:\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011128 PowerFTP-server-Bugs&Exploits-Remotes", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100698397818175&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. \"ls C:\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011128 PowerFTP-server-Bugs&Exploits-Remotes", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100698397818175&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1522.json b/2001/1xxx/CVE-2001-1522.json index 9972e8eb3c5..05a4fc876d0 100644 --- a/2001/1xxx/CVE-2001-1522.json +++ b/2001/1xxx/CVE-2001-1522.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011215 Security hole in IMessenger ( PHP-Nuke )", - "refsource" : "VULN-DEV", - "url" : "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0848.html" - }, - { - "name" : "20011215 Serious bug in IMessenger ( php-nuke )", - "refsource" : "VULN-DEV", - "url" : "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0851.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011215 Serious bug in IMessenger ( php-nuke )", + "refsource": "VULN-DEV", + "url": "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0851.html" + }, + { + "name": "20011215 Security hole in IMessenger ( PHP-Nuke )", + "refsource": "VULN-DEV", + "url": "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0848.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2706.json b/2006/2xxx/CVE-2006-2706.json index 008f83bd31e..9b431d75ed4 100644 --- a/2006/2xxx/CVE-2006-2706.json +++ b/2006/2xxx/CVE-2006-2706.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause a denial of service via forged \"session start\" messages that cause AVR to connect to arbitrary hosts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/WDON-6QANUZ", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/WDON-6QANUZ" - }, - { - "name" : "VU#487617", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/487617" - }, - { - "name" : "ADV-2006-2069", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2069" - }, - { - "name" : "1016184", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016184" - }, - { - "name" : "20378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20378" - }, - { - "name" : "c5evm-sessionstart-dos(26779)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause a denial of service via forged \"session start\" messages that cause AVR to connect to arbitrary hosts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#487617", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/487617" + }, + { + "name": "20378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20378" + }, + { + "name": "ADV-2006-2069", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2069" + }, + { + "name": "http://www.kb.cert.org/vuls/id/WDON-6QANUZ", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/WDON-6QANUZ" + }, + { + "name": "1016184", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016184" + }, + { + "name": "c5evm-sessionstart-dos(26779)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26779" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2960.json b/2006/2xxx/CVE-2006-2960.json index 8498d33ef36..98a51fb5199 100644 --- a/2006/2xxx/CVE-2006-2960.json +++ b/2006/2xxx/CVE-2006-2960.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060610 Joomla! 1.0 Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436707/100/0/threaded" - }, - { - "name" : "18363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18363" - }, - { - "name" : "1016269", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016269" - }, - { - "name" : "1074", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1074" - }, - { - "name" : "joomla-php-file-include(27135)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060610 Joomla! 1.0 Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436707/100/0/threaded" + }, + { + "name": "1074", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1074" + }, + { + "name": "1016269", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016269" + }, + { + "name": "18363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18363" + }, + { + "name": "joomla-php-file-include(27135)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27135" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5004.json b/2008/5xxx/CVE-2008-5004.json index 9ef4e9a0edd..cae5ba800ab 100644 --- a/2008/5xxx/CVE-2008-5004.json +++ b/2008/5xxx/CVE-2008-5004.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6925", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6925" - }, - { - "name" : "32040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32040" - }, - { - "name" : "bloggielite-genscode-sql-injection(46299)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6925", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6925" + }, + { + "name": "32040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32040" + }, + { + "name": "bloggielite-genscode-sql-injection(46299)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46299" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5526.json b/2008/5xxx/CVE-2008-5526.json index f9538ee613f..bf1ed9e3f3b 100644 --- a/2008/5xxx/CVE-2008-5526.json +++ b/2008/5xxx/CVE-2008-5526.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded" - }, - { - "name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded" - }, - { - "name" : "4723", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4723" - }, - { - "name" : "multiple-antivirus-mzheader-code-execution(47435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "multiple-antivirus-mzheader-code-execution(47435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" + }, + { + "name": "4723", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4723" + }, + { + "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded" + }, + { + "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5549.json b/2008/5xxx/CVE-2008-5549.json index e78e516b23a..a9fedba05c8 100644 --- a/2008/5xxx/CVE-2008-5549.json +++ b/2008/5xxx/CVE-2008-5549.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to \"access to secure files by ThemeServlet.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-12-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-12-1" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-01-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-01-1" - }, - { - "name" : "243886", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243886-1" - }, - { - "name" : "32770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32770" - }, - { - "name" : "ADV-2008-3408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3408" - }, - { - "name" : "1021380", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021380" - }, - { - "name" : "33120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33120" - }, - { - "name" : "jsps-webconsole-information-disclosure(47256)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to \"access to secure files by ThemeServlet.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jsps-webconsole-information-disclosure(47256)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47256" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-12-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-12-1" + }, + { + "name": "ADV-2008-3408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3408" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-01-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-01-1" + }, + { + "name": "33120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33120" + }, + { + "name": "32770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32770" + }, + { + "name": "243886", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243886-1" + }, + { + "name": "1021380", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021380" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5605.json b/2008/5xxx/CVE-2008-5605.json index 804f67966b4..e76b7d6e85b 100644 --- a/2008/5xxx/CVE-2008-5605.json +++ b/2008/5xxx/CVE-2008-5605.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7357", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7357" - }, - { - "name" : "32662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32662" - }, - { - "name" : "4763", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4763" - }, - { - "name" : "aspportal-classifieds-events-sql-injection(47127)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47127" - }, - { - "name" : "aspportal-classifieds-sql-injection(47268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspportal-classifieds-events-sql-injection(47127)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47127" + }, + { + "name": "32662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32662" + }, + { + "name": "aspportal-classifieds-sql-injection(47268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47268" + }, + { + "name": "4763", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4763" + }, + { + "name": "7357", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7357" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2237.json b/2011/2xxx/CVE-2011-2237.json index e7c3f455e88..c58766f2a07 100644 --- a/2011/2xxx/CVE-2011-2237.json +++ b/2011/2xxx/CVE-2011-2237.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console, a different vulnerability than CVE-2011-3523." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "76491", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console, a different vulnerability than CVE-2011-3523." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "76491", + "refsource": "OSVDB", + "url": "http://osvdb.org/76491" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2652.json b/2011/2xxx/CVE-2011-2652.json index 935cfe59ebd..87647f0f084 100644 --- a/2011/2xxx/CVE-2011-2652.json +++ b/2011/2xxx/CVE-2011-2652.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/security/cve/CVE-2011-2652.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2011-2652.html" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=702320", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=702320" - }, - { - "name" : "SUSE-SU-2011:0917", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html" - }, - { - "name" : "49236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49236" - }, - { - "name" : "kiwi-overlay-files-xss(69287)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/security/cve/CVE-2011-2652.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2011-2652.html" + }, + { + "name": "49236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49236" + }, + { + "name": "kiwi-overlay-files-xss(69287)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69287" + }, + { + "name": "SUSE-SU-2011:0917", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=702320", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=702320" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2673.json b/2011/2xxx/CVE-2011-2673.json index f5701bc1ec8..11ae901ab90 100644 --- a/2011/2xxx/CVE-2011-2673.json +++ b/2011/2xxx/CVE-2011-2673.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-2673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://basercms.net/patch/JVN09789751", - "refsource" : "CONFIRM", - "url" : "http://basercms.net/patch/JVN09789751" - }, - { - "name" : "JVN#09789751", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN09789751/index.html" - }, - { - "name" : "JVNDB-2011-000065", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://basercms.net/patch/JVN09789751", + "refsource": "CONFIRM", + "url": "http://basercms.net/patch/JVN09789751" + }, + { + "name": "JVN#09789751", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN09789751/index.html" + }, + { + "name": "JVNDB-2011-000065", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000065" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3031.json b/2011/3xxx/CVE-2011-3031.json index edae97fed49..30f1ee93ffb 100644 --- a/2011/3xxx/CVE-2011-3031.json +++ b/2011/3xxx/CVE-2011-3031.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=105867", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=105867" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" - }, - { - "name" : "GLSA-201203-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml" - }, - { - "name" : "openSUSE-SU-2012:0374", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" - }, - { - "name" : "52271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52271" - }, - { - "name" : "oval:org.mitre.oval:def:14967", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14967" - }, - { - "name" : "1026759", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026759" - }, - { - "name" : "48527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48527" - }, - { - "name" : "48419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48419" - }, - { - "name" : "48265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48265" - }, - { - "name" : "google-element-code-execution(73642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14967", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14967" + }, + { + "name": "1026759", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026759" + }, + { + "name": "48527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48527" + }, + { + "name": "48265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48265" + }, + { + "name": "48419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48419" + }, + { + "name": "openSUSE-SU-2012:0374", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" + }, + { + "name": "google-element-code-execution(73642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73642" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=105867", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=105867" + }, + { + "name": "52271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52271" + }, + { + "name": "GLSA-201203-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-19.xml" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3700.json b/2011/3xxx/CVE-2011-3700.json index 3d6028dc80a..01049298ddb 100644 --- a/2011/3xxx/CVE-2011-3700.json +++ b/2011/3xxx/CVE-2011-3700.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/aef-1.0.8", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/aef-1.0.8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/aef-1.0.8", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/aef-1.0.8" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3790.json b/2011/3xxx/CVE-2011-3790.json index b7340f2e510..9b04d46923e 100644 --- a/2011/3xxx/CVE-2011-3790.json +++ b/2011/3xxx/CVE-2011-3790.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/piwigo-2.1.5", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/piwigo-2.1.5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/piwigo-2.1.5", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/piwigo-2.1.5" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3962.json b/2011/3xxx/CVE-2011-3962.json index 8874c115ea2..5877d674730 100644 --- a/2011/3xxx/CVE-2011-3962.json +++ b/2011/3xxx/CVE-2011-3962.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=108901", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=108901" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14249", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:14249", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14249" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=108901", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=108901" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0197.json b/2013/0xxx/CVE-2013-0197.json index e2dc25138b5..34bacb187c3 100644 --- a/2013/0xxx/CVE-2013-0197.json +++ b/2013/0xxx/CVE-2013-0197.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130118 CVE request: MantisBT before 1.2.13 match_type XSS vulnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q1/118" - }, - { - "name" : "[oss-security] 20130118 Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q1/125" - }, - { - "name" : "[oss-security] 20130121 Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q1/140" - }, - { - "name" : "http://hauntit.blogspot.de/2013/01/en-mantis-bug-tracker-1212-persistent.html", - "refsource" : "MISC", - "url" : "http://hauntit.blogspot.de/2013/01/en-mantis-bug-tracker-1212-persistent.html" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=15373", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=15373" - }, - { - "name" : "51853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mantisbt.org/bugs/view.php?id=15373", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=15373" + }, + { + "name": "[oss-security] 20130118 Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q1/125" + }, + { + "name": "http://hauntit.blogspot.de/2013/01/en-mantis-bug-tracker-1212-persistent.html", + "refsource": "MISC", + "url": "http://hauntit.blogspot.de/2013/01/en-mantis-bug-tracker-1212-persistent.html" + }, + { + "name": "[oss-security] 20130121 Re: CVE request: MantisBT before 1.2.13 match_type XSS vulnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q1/140" + }, + { + "name": "51853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51853" + }, + { + "name": "[oss-security] 20130118 CVE request: MantisBT before 1.2.13 match_type XSS vulnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q1/118" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0199.json b/2013/0xxx/CVE-2013-0199.json index a3082669532..1d74f41aaeb 100644 --- a/2013/0xxx/CVE-2013-0199.json +++ b/2013/0xxx/CVE-2013-0199.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.freeipa.org/page/CVE-2013-0199", - "refsource" : "CONFIRM", - "url" : "http://www.freeipa.org/page/CVE-2013-0199" - }, - { - "name" : "http://www.freeipa.org/page/Releases/3.1.2", - "refsource" : "CONFIRM", - "url" : "http://www.freeipa.org/page/Releases/3.1.2" - }, - { - "name" : "57542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57542" - }, - { - "name" : "89539", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89539" - }, - { - "name" : "freeipa-crossrealm-info-disc(81486)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57542" + }, + { + "name": "http://www.freeipa.org/page/Releases/3.1.2", + "refsource": "CONFIRM", + "url": "http://www.freeipa.org/page/Releases/3.1.2" + }, + { + "name": "freeipa-crossrealm-info-disc(81486)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81486" + }, + { + "name": "89539", + "refsource": "OSVDB", + "url": "http://osvdb.org/89539" + }, + { + "name": "http://www.freeipa.org/page/CVE-2013-0199", + "refsource": "CONFIRM", + "url": "http://www.freeipa.org/page/CVE-2013-0199" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0298.json b/2013/0xxx/CVE-2013-0298.json index 372f9c58383..f95e1723eb2 100644 --- a/2013/0xxx/CVE-2013-0298.json +++ b/2013/0xxx/CVE-2013-0298.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-003/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-003/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0933.json b/2013/0xxx/CVE-2013-0933.json index a9b447ed6af..be8e229f4c3 100644 --- a/2013/0xxx/CVE-2013-0933.json +++ b/2013/0xxx/CVE-2013-0933.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-0933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130506 ESA-2013-015: RSA Archer GRC Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130506 ESA-2013-015: RSA Archer GRC Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0023.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1091.json b/2013/1xxx/CVE-2013-1091.json index 82da4cf3530..685d4038a0f 100644 --- a/2013/1xxx/CVE-2013-1091.json +++ b/2013/1xxx/CVE-2013-1091.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Novell iPrint Client before 5.90 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download.novell.com/Download?buildid=k6yH0sy992E~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=k6yH0sy992E~" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012344", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012344" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=800593", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=800593" - }, - { - "name" : "59612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Novell iPrint Client before 5.90 allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59612" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012344", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012344" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=800593", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=800593" + }, + { + "name": "http://download.novell.com/Download?buildid=k6yH0sy992E~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=k6yH0sy992E~" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1246.json b/2013/1xxx/CVE-2013-1246.json index 111188d577c..323ba9cfa20 100644 --- a/2013/1xxx/CVE-2013-1246.json +++ b/2013/1xxx/CVE-2013-1246.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by establishing multiple SSH connections, aka Bug ID CSCug77610." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130529 Cisco TelePresence System t-shell Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by establishing multiple SSH connections, aka Bug ID CSCug77610." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130529 Cisco TelePresence System t-shell Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1246" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1595.json b/2013/1xxx/CVE-2013-1595.json index 4b39a1ded41..93ee79e4feb 100644 --- a/2013/1xxx/CVE-2013-1595.json +++ b/2013/1xxx/CVE-2013-1595.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1595", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1595", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1796.json b/2013/1xxx/CVE-2013-1796.json index acea8977a31..15fdbeafedf 100644 --- a/2013/1xxx/CVE-2013-1796.json +++ b/2013/1xxx/CVE-2013-1796.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/20/9" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c300aa64ddf57d9c5d9c898a64b36877345dd4a9", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c300aa64ddf57d9c5d9c898a64b36877345dd4a9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=917012", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=917012" - }, - { - "name" : "https://github.com/torvalds/linux/commit/c300aa64ddf57d9c5d9c898a64b36877345dd4a9", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/c300aa64ddf57d9c5d9c898a64b36877345dd4a9" - }, - { - "name" : "MDVSA-2013:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" - }, - { - "name" : "RHSA-2013:0727", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0727.html" - }, - { - "name" : "RHSA-2013:0744", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0744.html" - }, - { - "name" : "RHSA-2013:0746", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0746.html" - }, - { - "name" : "RHSA-2013:0928", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0928.html" - }, - { - "name" : "RHSA-2013:1026", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1026.html" - }, - { - "name" : "openSUSE-SU-2013:0847", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html" - }, - { - "name" : "openSUSE-SU-2013:0925", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:1187", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" - }, - { - "name" : "USN-1805-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1805-1" - }, - { - "name" : "USN-1808-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1808-1" - }, - { - "name" : "USN-1809-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1809-1" - }, - { - "name" : "USN-1812-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1812-1" - }, - { - "name" : "USN-1813-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1813-1" - }, - { - "name" : "58607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0847", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html" + }, + { + "name": "openSUSE-SU-2013:1187", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" + }, + { + "name": "USN-1812-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1812-1" + }, + { + "name": "USN-1805-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1805-1" + }, + { + "name": "MDVSA-2013:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + }, + { + "name": "RHSA-2013:0928", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html" + }, + { + "name": "58607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58607" + }, + { + "name": "USN-1808-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1808-1" + }, + { + "name": "USN-1809-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1809-1" + }, + { + "name": "RHSA-2013:0727", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0727.html" + }, + { + "name": "[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/20/9" + }, + { + "name": "RHSA-2013:0744", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html" + }, + { + "name": "RHSA-2013:0746", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0746.html" + }, + { + "name": "USN-1813-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1813-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c300aa64ddf57d9c5d9c898a64b36877345dd4a9", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c300aa64ddf57d9c5d9c898a64b36877345dd4a9" + }, + { + "name": "openSUSE-SU-2013:0925", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/c300aa64ddf57d9c5d9c898a64b36877345dd4a9", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/c300aa64ddf57d9c5d9c898a64b36877345dd4a9" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=917012", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917012" + }, + { + "name": "RHSA-2013:1026", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4027.json b/2013/4xxx/CVE-2013-4027.json index 7e7764f0c89..346f82b6783 100644 --- a/2013/4xxx/CVE-2013-4027.json +++ b/2013/4xxx/CVE-2013-4027.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-4027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" - }, - { - "name" : "IV43491", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43491" - }, - { - "name" : "55068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55068" - }, - { - "name" : "55070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55070" - }, - { - "name" : "maximo-cve20134027-sec-bypass(86064)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55070" + }, + { + "name": "maximo-cve20134027-sec-bypass(86064)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86064" + }, + { + "name": "IV43491", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43491" + }, + { + "name": "55068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55068" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4341.json b/2013/4xxx/CVE-2013-4341.json index 1ad9db36546..a1e6e43a8da 100644 --- a/2013/4xxx/CVE-2013-4341.json +++ b/2013/4xxx/CVE-2013-4341.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41623", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41623" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=238399", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=238399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41623", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41623" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=238399", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=238399" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4535.json b/2013/4xxx/CVE-2013-4535.json index 45668a28b9a..a9bd8d8674d 100644 --- a/2013/4xxx/CVE-2013-4535.json +++ b/2013/4xxx/CVE-2013-4535.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4535", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4535", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5034.json b/2013/5xxx/CVE-2013-5034.json index f8c3ad83537..05a74e4394b 100644 --- a/2013/5xxx/CVE-2013-5034.json +++ b/2013/5xxx/CVE-2013-5034.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://atmail.com/changelog/", - "refsource" : "CONFIRM", - "url" : "http://atmail.com/changelog/" - }, - { - "name" : "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/", - "refsource" : "CONFIRM", - "url" : "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/", + "refsource": "CONFIRM", + "url": "http://blog.atmail.com/2013/atmail-7-1-2-security-hotfix/" + }, + { + "name": "http://atmail.com/changelog/", + "refsource": "CONFIRM", + "url": "http://atmail.com/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5477.json b/2013/5xxx/CVE-2013-5477.json index 726ddec2e09..6ad1549741b 100644 --- a/2013/5xxx/CVE-2013-5477.json +++ b/2013/5xxx/CVE-2013-5477.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130925 Cisco IOS Software Queue Wedge Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-wedge" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130925 Cisco IOS Software Queue Wedge Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-wedge" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5657.json b/2013/5xxx/CVE-2013-5657.json index f6b8ad34b01..908513a675e 100644 --- a/2013/5xxx/CVE-2013-5657.json +++ b/2013/5xxx/CVE-2013-5657.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5657", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5657", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0934.json b/2017/0xxx/CVE-2017-0934.json index 230a090c823..61f07c41d3a 100644 --- a/2017/0xxx/CVE-2017-0934.json +++ b/2017/0xxx/CVE-2017-0934.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2017-05-01T00:00:00", - "ID" : "CVE-2017-0934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EdgeRouter X", - "version" : { - "version_data" : [ - { - "version_value" : "EdgeOS v1.9.1 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Ubiquiti Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Privilege Management (CWE-269)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2017-05-01T00:00:00", + "ID": "CVE-2017-0934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EdgeRouter X", + "version": { + "version_data": [ + { + "version_value": "EdgeOS v1.9.1 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Ubiquiti Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/241044", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/241044" - }, - { - "name" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", - "refsource" : "CONFIRM", - "url" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Privilege Management (CWE-269)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/241044", + "refsource": "MISC", + "url": "https://hackerone.com/reports/241044" + }, + { + "name": "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", + "refsource": "CONFIRM", + "url": "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000121.json b/2017/1000xxx/CVE-2017-1000121.json index f2ab23b95cc..4458ff25546 100644 --- a/2017/1000xxx/CVE-2017-1000121.json +++ b/2017/1000xxx/CVE-2017-1000121.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.332815", - "ID" : "CVE-2017-1000121", - "REQUESTER" : "mcatanzaro@igalia.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebKit", - "version" : { - "version_data" : [ - { - "version_value" : "WebKitGTK+ prior to 2.16.3" - } - ] - } - } - ] - }, - "vendor_name" : "WebKit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.332815", + "ID": "CVE-2017-1000121", + "REQUESTER": "mcatanzaro@igalia.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.webkit.org/changeset/217126/webkit", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/217126/webkit" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.webkit.org/changeset/217126/webkit", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/217126/webkit" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000201.json b/2017/1000xxx/CVE-2017-1000201.json index cf3456f53e3..35695cefe5b 100644 --- a/2017/1000xxx/CVE-2017-1000201.json +++ b/2017/1000xxx/CVE-2017-1000201.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.428183", - "ID" : "CVE-2017-1000201", - "REQUESTER" : "mgerstner@suse.de", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "tcmu-runner", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.5 to 1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "https://github.com/open-iscsi/tcmu-runner" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.428183", + "ID": "CVE-2017-1000201", + "REQUESTER": "mgerstner@suse.de", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/e2d953050766ac538615a811c64b34358614edce", - "refsource" : "MISC", - "url" : "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/e2d953050766ac538615a811c64b34358614edce" - }, - { - "name" : "RHSA-2017:3277", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3277", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3277" + }, + { + "name": "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/e2d953050766ac538615a811c64b34358614edce", + "refsource": "MISC", + "url": "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/e2d953050766ac538615a811c64b34358614edce" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12090.json b/2017/12xxx/CVE-2017-12090.json index 4ee5dfd5ce7..7330e655413 100644 --- a/2017/12xxx/CVE-2017-12090.json +++ b/2017/12xxx/CVE-2017-12090.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-03-28T00:00:00", - "ID" : "CVE-2017-12090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Allen Bradley", - "version" : { - "version_data" : [ - { - "version_value" : "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-03-28T00:00:00", + "ID": "CVE-2017-12090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Allen Bradley", + "version": { + "version_data": [ + { + "version_value": "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12148.json b/2017/12xxx/CVE-2017-12148.json index 2c28a8a8c28..6a5cb331ced 100644 --- a/2017/12xxx/CVE-2017-12148.json +++ b/2017/12xxx/CVE-2017-12148.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-12148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Ansible Tower", - "version" : { - "version_data" : [ - { - "version_value" : "3.1.5" - }, - { - "version_value" : "3.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8.4/CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-12148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ansible Tower", + "version": { + "version_data": [ + { + "version_value": "3.1.5" + }, + { + "version_value": "3.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148" - }, - { - "name" : "RHSA-2017:3005", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.4/CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3005", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3005" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13157.json b/2017/13xxx/CVE-2017-13157.json index 0e8bf89e02e..c5ca654affd 100644 --- a/2017/13xxx/CVE-2017-13157.json +++ b/2017/13xxx/CVE-2017-13157.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-13157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-13157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-12-01" - }, - { - "name" : "102109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102109" + }, + { + "name": "https://source.android.com/security/bulletin/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13189.json b/2017/13xxx/CVE-2017-13189.json index cfb9287577a..1700f28b1fa 100644 --- a/2017/13xxx/CVE-2017-13189.json +++ b/2017/13xxx/CVE-2017-13189.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-13189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Other" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-13189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13459.json b/2017/13xxx/CVE-2017-13459.json index b805b5582b4..8b66894793e 100644 --- a/2017/13xxx/CVE-2017-13459.json +++ b/2017/13xxx/CVE-2017-13459.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13459", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13459", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16152.json b/2017/16xxx/CVE-2017-16152.json index 3d36a217431..6fc8c3fe903 100644 --- a/2017/16xxx/CVE-2017-16152.json +++ b/2017/16xxx/CVE-2017-16152.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "static-html-server node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "static-html-server node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/static-html-server", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/static-html-server" - }, - { - "name" : "https://nodesecurity.io/advisories/376", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/static-html-server", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/static-html-server" + }, + { + "name": "https://nodesecurity.io/advisories/376", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/376" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16306.json b/2017/16xxx/CVE-2017-16306.json index 4f49ab2d384..c678f2a4d34 100644 --- a/2017/16xxx/CVE-2017-16306.json +++ b/2017/16xxx/CVE-2017-16306.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16306", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16306", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16411.json b/2017/16xxx/CVE-2017-16411.json index c0f0c207a3e..fc5a681dad4 100644 --- a/2017/16xxx/CVE-2017-16411.json +++ b/2017/16xxx/CVE-2017-16411.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted Pointer Dereference" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "101813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101813" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "101813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101813" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16766.json b/2017/16xxx/CVE-2017-16766.json index 865839bef04..7a2c4e7cf13 100644 --- a/2017/16xxx/CVE-2017-16766.json +++ b/2017/16xxx/CVE-2017-16766.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2017-11-24T00:00:00", - "ID" : "CVE-2017-16766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DiskStation Manager (DSM)", - "version" : { - "version_data" : [ - { - "version_value" : "before 6.1.4-15217" - }, - { - "version_value" : "before 6.0.3-8754-6" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control (CWE-284)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2017-11-24T00:00:00", + "ID": "CVE-2017-16766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DiskStation Manager (DSM)", + "version": { + "version_data": [ + { + "version_value": "before 6.1.4-15217" + }, + { + "version_value": "before 6.0.3-8754-6" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_74", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_74" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_74", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_74" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4065.json b/2017/4xxx/CVE-2017-4065.json index 25e37432939..c8ad2d9516e 100644 --- a/2017/4xxx/CVE-2017-4065.json +++ b/2017/4xxx/CVE-2017-4065.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4065", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4065", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4322.json b/2017/4xxx/CVE-2017-4322.json index ae7cb5396bd..3eb9801ce07 100644 --- a/2017/4xxx/CVE-2017-4322.json +++ b/2017/4xxx/CVE-2017-4322.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4322", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4322", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4406.json b/2017/4xxx/CVE-2017-4406.json index 05663460aa5..6f105caed4c 100644 --- a/2017/4xxx/CVE-2017-4406.json +++ b/2017/4xxx/CVE-2017-4406.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4406", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4406", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4612.json b/2017/4xxx/CVE-2017-4612.json index e06f59e7d82..76f9a6976cb 100644 --- a/2017/4xxx/CVE-2017-4612.json +++ b/2017/4xxx/CVE-2017-4612.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4612", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4612", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18053.json b/2018/18xxx/CVE-2018-18053.json index 567a5259acd..eb86a84bb84 100644 --- a/2018/18xxx/CVE-2018-18053.json +++ b/2018/18xxx/CVE-2018-18053.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18053", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18053", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18332.json b/2018/18xxx/CVE-2018-18332.json index 96b930b4e2f..63a15586df0 100644 --- a/2018/18xxx/CVE-2018-18332.json +++ b/2018/18xxx/CVE-2018-18332.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-18332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro OfficeScan", - "version" : { - "version_data" : [ - { - "version_value" : "XG (12.0)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Weak File Permissions" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-18332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro OfficeScan", + "version": { + "version_data": [ + { + "version_value": "XG (12.0)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://success.trendmicro.com/solution/1121674", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1121674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Weak File Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://success.trendmicro.com/solution/1121674", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1121674" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18335.json b/2018/18xxx/CVE-2018-18335.json index e13856ae706..879c038350e 100644 --- a/2018/18xxx/CVE-2018-18335.json +++ b/2018/18xxx/CVE-2018-18335.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-18335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-18335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/895362", - "refsource" : "MISC", - "url" : "https://crbug.com/895362" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4352", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4352" - }, - { - "name" : "RHSA-2018:3803", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3803" - }, - { - "name" : "106084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/895362", + "refsource": "MISC", + "url": "https://crbug.com/895362" + }, + { + "name": "RHSA-2018:3803", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3803" + }, + { + "name": "DSA-4352", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4352" + }, + { + "name": "106084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106084" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18372.json b/2018/18xxx/CVE-2018-18372.json index 9d4cbad4393..6f77abbc202 100644 --- a/2018/18xxx/CVE-2018-18372.json +++ b/2018/18xxx/CVE-2018-18372.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/149805/Library-CMS-2.1.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149805/Library-CMS-2.1.1-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149805/Library-CMS-2.1.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149805/Library-CMS-2.1.1-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18654.json b/2018/18xxx/CVE-2018-18654.json index 786fa2d24f3..f3036e82278 100644 --- a/2018/18xxx/CVE-2018-18654.json +++ b/2018/18xxx/CVE-2018-18654.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/911877", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/911877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/911877", + "refsource": "MISC", + "url": "https://bugs.debian.org/911877" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5253.json b/2018/5xxx/CVE-2018-5253.json index 87e8477f54c..f1cf6d9b120 100644 --- a/2018/5xxx/CVE-2018-5253.json +++ b/2018/5xxx/CVE-2018-5253.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/233", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/233", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/issues/233" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5258.json b/2018/5xxx/CVE-2018-5258.json index 018d5055915..5c8ca3b8851 100644 --- a/2018/5xxx/CVE-2018-5258.json +++ b/2018/5xxx/CVE-2018-5258.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/rlaneth/d2203c206d5d5acbdaf6069e78b1d07f", - "refsource" : "MISC", - "url" : "https://gist.github.com/rlaneth/d2203c206d5d5acbdaf6069e78b1d07f" - }, - { - "name" : "https://radialle.com/cve-2018-5258-writeup-aplicativo-do-banco-neon-para-ios-n%C3%A3o-valida-certificados-ssl-84bed0b0cecb", - "refsource" : "MISC", - "url" : "https://radialle.com/cve-2018-5258-writeup-aplicativo-do-banco-neon-para-ios-n%C3%A3o-valida-certificados-ssl-84bed0b0cecb" - }, - { - "name" : "https://www.tecmundo.com.br/seguranca/126192-banco-neon-falha-permite-hacker-acesse-conta-roube-dados-clientes.htm", - "refsource" : "MISC", - "url" : "https://www.tecmundo.com.br/seguranca/126192-banco-neon-falha-permite-hacker-acesse-conta-roube-dados-clientes.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/rlaneth/d2203c206d5d5acbdaf6069e78b1d07f", + "refsource": "MISC", + "url": "https://gist.github.com/rlaneth/d2203c206d5d5acbdaf6069e78b1d07f" + }, + { + "name": "https://www.tecmundo.com.br/seguranca/126192-banco-neon-falha-permite-hacker-acesse-conta-roube-dados-clientes.htm", + "refsource": "MISC", + "url": "https://www.tecmundo.com.br/seguranca/126192-banco-neon-falha-permite-hacker-acesse-conta-roube-dados-clientes.htm" + }, + { + "name": "https://radialle.com/cve-2018-5258-writeup-aplicativo-do-banco-neon-para-ios-n%C3%A3o-valida-certificados-ssl-84bed0b0cecb", + "refsource": "MISC", + "url": "https://radialle.com/cve-2018-5258-writeup-aplicativo-do-banco-neon-para-ios-n%C3%A3o-valida-certificados-ssl-84bed0b0cecb" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5458.json b/2018/5xxx/CVE-2018-5458.json index 563ffa32952..6632bac1249 100644 --- a/2018/5xxx/CVE-2018-5458.json +++ b/2018/5xxx/CVE-2018-5458.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-02-27T00:00:00", - "ID" : "CVE-2018-5458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Philips IntelliSpace Portal", - "version" : { - "version_data" : [ - { - "version_value" : "8.0.x" - }, - { - "version_value" : "7.0.x" - } - ] - } - } - ] - }, - "vendor_name" : "Philips" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CRYPTOGRAPHIC ISSUES CWE-310" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-02-27T00:00:00", + "ID": "CVE-2018-5458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Philips IntelliSpace Portal", + "version": { + "version_data": [ + { + "version_value": "8.0.x" + }, + { + "version_value": "7.0.x" + } + ] + } + } + ] + }, + "vendor_name": "Philips" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security", - "refsource" : "CONFIRM", - "url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security" - }, - { - "name" : "103182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CRYPTOGRAPHIC ISSUES CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", + "refsource": "CONFIRM", + "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security" + }, + { + "name": "103182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103182" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5914.json b/2018/5xxx/CVE-2018-5914.json index b388c53f0e1..13f1c64d41b 100644 --- a/2018/5xxx/CVE-2018-5914.json +++ b/2018/5xxx/CVE-2018-5914.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-5914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Array Index in TZ CORE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-5914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in TZ CORE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file