From e1eef5d350dd86da4e7df7d3e14aef2298accdfc Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 07:00:22 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2001/0xxx/CVE-2001-0136.json | 190 +++++++++++------------
2001/0xxx/CVE-2001-0487.json | 140 ++++++++---------
2001/0xxx/CVE-2001-0737.json | 150 +++++++++---------
2001/0xxx/CVE-2001-0857.json | 180 +++++++++++-----------
2001/1xxx/CVE-2001-1242.json | 160 +++++++++----------
2001/1xxx/CVE-2001-1523.json | 120 +++++++--------
2008/1xxx/CVE-2008-1281.json | 180 +++++++++++-----------
2008/1xxx/CVE-2008-1392.json | 210 ++++++++++++-------------
2008/1xxx/CVE-2008-1706.json | 190 +++++++++++------------
2008/1xxx/CVE-2008-1750.json | 180 +++++++++++-----------
2008/5xxx/CVE-2008-5097.json | 170 ++++++++++----------
2008/5xxx/CVE-2008-5108.json | 170 ++++++++++----------
2008/5xxx/CVE-2008-5137.json | 130 ++++++++--------
2008/5xxx/CVE-2008-5440.json | 200 ++++++++++++------------
2008/5xxx/CVE-2008-5478.json | 34 ++---
2008/5xxx/CVE-2008-5836.json | 34 ++---
2011/2xxx/CVE-2011-2200.json | 270 ++++++++++++++++-----------------
2011/2xxx/CVE-2011-2327.json | 150 +++++++++---------
2011/2xxx/CVE-2011-2682.json | 150 +++++++++---------
2011/2xxx/CVE-2011-2683.json | 140 ++++++++---------
2011/2xxx/CVE-2011-2756.json | 120 +++++++--------
2011/2xxx/CVE-2011-2874.json | 160 +++++++++----------
2013/0xxx/CVE-2013-0323.json | 180 +++++++++++-----------
2013/0xxx/CVE-2013-0578.json | 140 ++++++++---------
2013/0xxx/CVE-2013-0826.json | 34 ++---
2013/1xxx/CVE-2013-1207.json | 34 ++---
2013/1xxx/CVE-2013-1225.json | 120 +++++++--------
2013/1xxx/CVE-2013-1363.json | 34 ++---
2013/1xxx/CVE-2013-1887.json | 210 ++++++++++++-------------
2013/3xxx/CVE-2013-3108.json | 34 ++---
2013/3xxx/CVE-2013-3742.json | 130 ++++++++--------
2013/4xxx/CVE-2013-4224.json | 34 ++---
2013/4xxx/CVE-2013-4311.json | 180 +++++++++++-----------
2013/4xxx/CVE-2013-4622.json | 130 ++++++++--------
2017/12xxx/CVE-2017-12162.json | 34 ++---
2017/12xxx/CVE-2017-12796.json | 140 ++++++++---------
2017/12xxx/CVE-2017-12944.json | 150 +++++++++---------
2017/12xxx/CVE-2017-12950.json | 130 ++++++++--------
2017/13xxx/CVE-2017-13083.json | 254 +++++++++++++++----------------
2017/13xxx/CVE-2017-13588.json | 34 ++---
2017/13xxx/CVE-2017-13609.json | 34 ++---
2017/13xxx/CVE-2017-13931.json | 34 ++---
2017/16xxx/CVE-2017-16000.json | 120 +++++++--------
2017/16xxx/CVE-2017-16593.json | 120 +++++++--------
2017/16xxx/CVE-2017-16595.json | 120 +++++++--------
2017/16xxx/CVE-2017-16945.json | 140 ++++++++---------
2017/17xxx/CVE-2017-17471.json | 120 +++++++--------
2017/17xxx/CVE-2017-17899.json | 120 +++++++--------
2017/4xxx/CVE-2017-4628.json | 34 ++---
2017/4xxx/CVE-2017-4726.json | 34 ++---
2018/18xxx/CVE-2018-18496.json | 142 ++++++++---------
2018/18xxx/CVE-2018-18706.json | 120 +++++++--------
2018/18xxx/CVE-2018-18922.json | 150 +++++++++---------
2018/1xxx/CVE-2018-1014.json | 146 +++++++++---------
2018/1xxx/CVE-2018-1386.json | 186 +++++++++++------------
2018/1xxx/CVE-2018-1866.json | 34 ++---
2018/1xxx/CVE-2018-1990.json | 34 ++---
2018/5xxx/CVE-2018-5020.json | 140 ++++++++---------
2018/5xxx/CVE-2018-5219.json | 120 +++++++--------
2018/5xxx/CVE-2018-5312.json | 130 ++++++++--------
2018/5xxx/CVE-2018-5640.json | 34 ++---
2018/5xxx/CVE-2018-5661.json | 130 ++++++++--------
2018/5xxx/CVE-2018-5675.json | 140 ++++++++---------
63 files changed, 3906 insertions(+), 3906 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0136.json b/2001/0xxx/CVE-2001-0136.json
index 0979c1adafb..f5c3660b711 100644
--- a/2001/0xxx/CVE-2001-0136.json
+++ b/2001/0xxx/CVE-2001-0136.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001220 ProFTPD 1.2.0 Memory leakage - denial of service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/152206" - }, - { - "name" : "20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html" - }, - { - "name" : "20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html" - }, - { - "name" : "MDKSA-2001:021", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3" - }, - { - "name" : 
"DSA-029", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-029" - }, - { - "name" : "CLA-2001:380", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380" - }, - { - "name" : "20010213 Trustix Security Advisory - proftpd, kernel", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html" - }, - { - "name" : "proftpd-size-memory-leak(5801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2001:021", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3" + }, + { + "name": "CLA-2001:380", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380" + }, + { + "name": "proftpd-size-memory-leak(5801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5801" + }, + { + "name": "20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html" + }, + { + "name": "20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html" + }, + { + "name": "20010213 Trustix Security Advisory - 
proftpd, kernel", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html" + }, + { + "name": "20001220 ProFTPD 1.2.0 Memory leakage - denial of service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/152206" + }, + { + "name": "DSA-029", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-029" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0487.json b/2001/0xxx/CVE-2001-0487.json index dcad15bb60c..2673103b246 100644 --- a/2001/0xxx/CVE-2001-0487.json +++ b/2001/0xxx/CVE-2001-0487.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY17630", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY17630&apar=only" - }, - { - "name" : "aix-snmpd-rst-dos(6996)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6996.php" - }, - { - "name" : "5611", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY17630", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY17630&apar=only" + }, + { + "name": "aix-snmpd-rst-dos(6996)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6996.php" + }, + { + "name": "5611", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5611" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0737.json b/2001/0xxx/CVE-2001-0737.json index 510cf586ff1..46236f91424 100644 --- a/2001/0xxx/CVE-2001-0737.json +++ b/2001/0xxx/CVE-2001-0737.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010516 logitech wireless devices: man-in-the-middle attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/185003" - }, - { - "name" : "20010522 Logitech vulnerability (DoS, man-in-the-middle-attack) - Resend", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/3B0A36C8.E9D8610@daten-treuhand.de" - }, - { - "name" : "logitech-wireless-unauthorized-access(6562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6562" - }, - { - "name" : "2738", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010516 logitech wireless devices: man-in-the-middle attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/185003" + }, + { + "name": "logitech-wireless-unauthorized-access(6562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6562" + }, + { + "name": "20010522 Logitech vulnerability (DoS, man-in-the-middle-attack) - Resend", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/3B0A36C8.E9D8610@daten-treuhand.de" + }, + { + "name": "2738", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2738" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0857.json b/2001/0xxx/CVE-2001-0857.json index 8163c15a59a..77d3bf6f8ea 100644 --- a/2001/0xxx/CVE-2001-0857.json +++ b/2001/0xxx/CVE-2001-0857.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011109 Imp Webmail session hijacking vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100535679608486&w=2" - }, - { - "name" : "20011110 IMP 2.2.7 (SECURITY) released", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100540578822469&w=2" - }, - { - "name" : "CLA-2001:437", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000437" - }, - { - "name" : "CSSA-2001-039.0", - "refsource" : "CALDERA", - "url" : "http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt" - }, - { - "name" : "3525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3525" - }, - { - "name" : "668", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/668" - }, - { - "name" : "imp-css-steal-cookies(7496)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2001:437", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000437" + }, + { + "name": "imp-css-steal-cookies(7496)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7496" + }, + { + "name": "20011109 Imp Webmail session hijacking vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100535679608486&w=2" + }, + { + "name": "CSSA-2001-039.0", + "refsource": "CALDERA", + "url": "http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt" + }, + { + "name": "20011110 IMP 2.2.7 (SECURITY) released", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100540578822469&w=2" + }, + { + "name": "668", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/668" + }, + { + "name": "3525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3525" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1242.json b/2001/1xxx/CVE-2001-1242.json index a64aa6b2921..b78ad49ed2a 100644 --- a/2001/1xxx/CVE-2001-1242.json +++ b/2001/1xxx/CVE-2001-1242.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010717 multiple vulnerabilities in un-cgi", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html" - }, - { - "name" : "20010718 Re: [Khamba Staring ] multiple vulnerabilities in un-cgi", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html" - }, - { - "name" : "http://www.midwinter.com/~koreth/uncgi-changes.html", - "refsource" : "CONFIRM", - "url" : "http://www.midwinter.com/~koreth/uncgi-changes.html" - }, - { - "name" : "3056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3056" - }, - { - "name" : "uncgi-dot-directory-traversal(6846)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6846.php" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010718 Re: [Khamba Staring ] multiple vulnerabilities in un-cgi", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html" + }, + { + "name": "http://www.midwinter.com/~koreth/uncgi-changes.html", + "refsource": "CONFIRM", + "url": "http://www.midwinter.com/~koreth/uncgi-changes.html" + }, + { + "name": "uncgi-dot-directory-traversal(6846)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6846.php" + }, + { + "name": "3056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3056" + }, + { + "name": "20010717 multiple vulnerabilities in un-cgi", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1523.json b/2001/1xxx/CVE-2001-1523.json index ed427f93c62..657d0c55276 100644 --- a/2001/1xxx/CVE-2001-1523.json +++ b/2001/1xxx/CVE-2001-1523.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011216 CSS in DMOZGateway ( php-nuke )", - "refsource" : "VULN-DEV", - "url" : "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0853.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011216 CSS in DMOZGateway ( php-nuke )", + "refsource": "VULN-DEV", + "url": "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0853.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1281.json b/2008/1xxx/CVE-2008-1281.json index 922c0fbb876..a9432a4cd67 100644 --- a/2008/1xxx/CVE-2008-1281.json +++ b/2008/1xxx/CVE-2008-1281.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080310 Directory traversal in Argon Client Management Services 1.31", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489363/100/0/threaded" - }, - { - "name" : "5230", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5230" - }, - { - "name" : "http://aluigi.altervista.org/adv/argonauti-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/argonauti-adv.txt" - }, - { - "name" : "28160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28160" - }, - { - "name" : "ADV-2008-0815", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0815/references" - 
}, - { - "name" : "29302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29302" - }, - { - "name" : "argoncms-tftpsrvs-directory-traversal(41076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "argoncms-tftpsrvs-directory-traversal(41076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41076" + }, + { + "name": "ADV-2008-0815", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0815/references" + }, + { + "name": "28160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28160" + }, + { + "name": "20080310 Directory traversal in Argon Client Management Services 1.31", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489363/100/0/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/argonauti-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/argonauti-adv.txt" + }, + { + "name": "5230", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5230" + }, + { + "name": "29302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29302" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1392.json b/2008/1xxx/CVE-2008-1392.json index 1ece7fc0736..572fd59f27c 100644 --- a/2008/1xxx/CVE-2008-1392.json 
+++ b/2008/1xxx/CVE-2008-1392.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489739/100/0/threaded" - }, - { - "name" : "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.vmware.com/security/advisories/VMSA-2008-0005.html" - }, - { - "name" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" - }, - { - "name" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" - }, - { - "name" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "28276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28276" - }, - { - "name" : "3755", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3755" - }, - { - "name" : "vmware-vix-api-unspecified(41551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "3755", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3755" + }, + { + "name": "vmware-vix-api-unspecified(41551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41551" + }, + { + "name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" + }, + { + "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" + }, + { + "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" + }, + { + "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded" + }, + { + "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" + }, + { + "name": "28276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28276" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/1xxx/CVE-2008-1706.json b/2008/1xxx/CVE-2008-1706.json
index a503d660461..07884d7ddca 100644
--- a/2008/1xxx/CVE-2008-1706.json
+++ b/2008/1xxx/CVE-2008-1706.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080326 Multiple vulnerabilities in solidDB 06.00.1018", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490129/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/soliduro-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/soliduro-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/soliduro.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/soliduro.zip" - }, - { - "name" : "28468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28468" - }, - { - "name" : "29512", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29512" - }, - { - "name" : "ADV-2008-1038", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/1038" - }, - { - "name" : "1019721", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019721" - }, - { - "name" : "ibm-soliddb-arrayindex-dos(41486)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.org/poc/soliduro.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/soliduro.zip" + }, + { + "name": "29512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29512" + }, + { + "name": "1019721", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019721" + }, + { + "name": "28468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28468" + }, + { + "name": "ibm-soliddb-arrayindex-dos(41486)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41486" + }, + { + "name": "20080326 Multiple vulnerabilities in solidDB 06.00.1018", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490129/100/0/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/soliduro-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/soliduro-adv.txt" + }, + { + "name": "ADV-2008-1038", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1038" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/1xxx/CVE-2008-1750.json b/2008/1xxx/CVE-2008-1750.json index 812fc7b2e2e..4ac8d4e2efb 100644 --- a/2008/1xxx/CVE-2008-1750.json +++ b/2008/1xxx/CVE-2008-1750.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080503 Fixed: LiveCart SQL injection vulnerability fixed since version 1.1.2", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2008/May/0021.html" - }, - { - "name" : "5422", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5422" - }, - { - "name" : "http://livecart.com/news/LiveCart-1-1-2-released.12", - "refsource" : "CONFIRM", - "url" : "http://livecart.com/news/LiveCart-1-1-2-released.12" - }, - { - "name" : "28723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28723" - }, - { - "name" : "44358", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/44358" - }, - { - "name" : "29765", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29765" - }, - { 
- "name" : "livecart-id-sql-injection(41750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44358", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/44358" + }, + { + "name": "livecart-id-sql-injection(41750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41750" + }, + { + "name": "5422", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5422" + }, + { + "name": "20080503 Fixed: LiveCart SQL injection vulnerability fixed since version 1.1.2", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2008/May/0021.html" + }, + { + "name": "http://livecart.com/news/LiveCart-1-1-2-released.12", + "refsource": "CONFIRM", + "url": "http://livecart.com/news/LiveCart-1-1-2-released.12" + }, + { + "name": "29765", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29765" + }, + { + "name": "28723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28723" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5097.json b/2008/5xxx/CVE-2008-5097.json index b3daea3c56a..5ab628b949d 100644 --- a/2008/5xxx/CVE-2008-5097.json +++ b/2008/5xxx/CVE-2008-5097.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080920 MyFWB 1.0 Remote SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496553/100/0/threaded" - }, - { - "name" : "6501", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6501" - }, - { - "name" : "31269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31269" - }, - { - "name" : "31954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31954" - }, - { - "name" : "4597", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4597" - }, - { - "name" : "ADV-2008-2649", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2649", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2649" + }, + { + "name": "31954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31954" + }, + { + "name": "6501", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6501" + }, + { + "name": "20080920 MyFWB 1.0 Remote SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496553/100/0/threaded" + }, + { + "name": "31269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31269" + }, + { + "name": "4597", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4597" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5108.json b/2008/5xxx/CVE-2008-5108.json index 77721928382..1ecc232e6ba 100644 --- a/2008/5xxx/CVE-2008-5108.json +++ b/2008/5xxx/CVE-2008-5108.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-23.html" - }, - { - "name" : "32334", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32334" - }, - { - "name" : "49915", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49915" - }, - { - "name" : "1021242", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021242" - }, - { - "name" : "32772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32772" - }, - { - "name" : "ADV-2008-3189", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3189" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3189", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3189" + }, + { + "name": "32334", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32334" + }, + { + "name": "1021242", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021242" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-23.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-23.html" + }, + { + "name": "49915", + "refsource": "OSVDB", + "url": "http://osvdb.org/49915" + }, + { + "name": "32772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32772" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5137.json b/2008/5xxx/CVE-2008-5137.json index 786d334ed6c..4242458490d 100644 --- a/2008/5xxx/CVE-2008-5137.json +++ b/2008/5xxx/CVE-2008-5137.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-devel/2008/08/msg00285.html" - }, - { - "name" : "32407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32407" + }, + { + "name": "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-devel/2008/08/msg00285.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5440.json b/2008/5xxx/CVE-2008-5440.json index 8a0ab254ca8..58da6c054e0 100644 --- a/2008/5xxx/CVE-2008-5440.json +++ b/2008/5xxx/CVE-2008-5440.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-5440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090114 Oracle TimesTen Remote Format String", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500080/100/0/threaded" - }, - { - "name" : "20090114 ZDI-09-004: Oracle TimesTen evtdump Remote Format String Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500078/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-004/", - "refsource" : "MISC", - "url" : 
"http://www.zerodayinitiative.com/advisories/ZDI-09-004/" - }, - { - "name" : "http://joxeankoret.com/blog/?p=41", - "refsource" : "MISC", - "url" : "http://joxeankoret.com/blog/?p=41" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-004", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-004" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "20090114 Oracle TimesTen Remote Format String", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500080/100/0/threaded" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-004/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-004/" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + }, + { + "name": "20090114 ZDI-09-004: Oracle TimesTen evtdump Remote Format String Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500078/100/0/threaded" + }, + { + "name": "http://joxeankoret.com/blog/?p=41", + "refsource": "MISC", + "url": "http://joxeankoret.com/blog/?p=41" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-004", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-004" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5478.json b/2008/5xxx/CVE-2008-5478.json index 2a42fb9a339..23c07f0fe1b 100644 --- a/2008/5xxx/CVE-2008-5478.json +++ b/2008/5xxx/CVE-2008-5478.json 
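Review bot: The reordered `reference_data` array in CVE-2008-5440.json still carries two entries for the same ZDI advisory, `http://www.zerodayinitiative.com/advisories/ZDI-09-004/` and `http://www.zerodayinitiative.com/advisories/ZDI-09-004`, which differ only by the trailing slash. Consumers that de-duplicate or count references by exact URL will treat them as two independent sources for the format-string claim. Keeping a single entry, e.g. `"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-004/"`, would avoid that. Presumably both forms resolve to the same page, which should be confirmed before one is dropped.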
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5478", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-5478", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5836.json b/2008/5xxx/CVE-2008-5836.json index f2ffc230137..0892f78d1fa 100644 --- a/2008/5xxx/CVE-2008-5836.json +++ b/2008/5xxx/CVE-2008-5836.json 
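Review bot: The new side of CVE-2008-5478.json uses a different key order from the other records in this commit: `data_type`, `data_format`, `data_version` now precede `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas CVE-2008-5836.json in the next section keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but mixed orders make byte-level comparison and later diffs of these records noisy. It may also mean this file went through a different serializer path, though that is not visible here. Emitting it in the same sorted order, starting `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`, would keep the records uniform.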
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5836", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5836", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2200.json b/2011/2xxx/CVE-2011-2200.json index d115c69a68b..39b6313267e 100644 --- a/2011/2xxx/CVE-2011-2200.json +++ b/2011/2xxx/CVE-2011-2200.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dbus] 20070317 D-Bus daemon endianness issue", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html" - }, - { - "name" : "[dbus] 20110530 D-Bus daemon big and little endian issue", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/dbus/2011-May/014408.html" - }, - { - "name" : "[oss-security] 20110612 Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order)", - "refsource" : "MLIST", - "url" : 
"http://openwall.com/lists/oss-security/2011/06/12/2" - }, - { - "name" : "[oss-security] 20110612 CVE Request -- dbus -- Local DoS via messages with non-native byte order", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/06/12/1" - }, - { - "name" : "[oss-security] 20110613 Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/06/13/12" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938" - }, - { - "name" : "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e" - }, - { - "name" : "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7" - }, - { - "name" : "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" - }, - { - "name" : "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=38120", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=38120" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=712676", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=712676" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : 
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "RHSA-2011:1132", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1132.html" - }, - { - "name" : "44896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44896" - }, - { - "name" : "dbus-nonnative-dos(67974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110613 Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/06/13/12" + }, + { + "name": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e" + }, + { + "name": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4" + }, + { + "name": "[dbus] 20110530 D-Bus daemon big and little endian issue", + "refsource": "MLIST", + "url": 
"http://lists.freedesktop.org/archives/dbus/2011-May/014408.html" + }, + { + "name": "RHSA-2011:1132", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1132.html" + }, + { + "name": "dbus-nonnative-dos(67974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67974" + }, + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=38120", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=38120" + }, + { + "name": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2" + }, + { + "name": "44896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44896" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=712676", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712676" + }, + { + "name": "[oss-security] 20110612 CVE Request -- dbus -- Local DoS via messages with non-native byte order", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/06/12/1" + }, + { + "name": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.4&id=c3223ba6c401ba81df1305851312a47c485e6cd7" + }, + { + "name": "[oss-security] 20110612 Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/06/12/2" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938" + }, 
+ { + "name": "[dbus] 20070317 D-Bus daemon endianness issue", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/dbus/2007-March/007357.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2327.json b/2011/2xxx/CVE-2011-2327.json index 3e64fac4fb9..c9cd98f6cc5 100644 --- a/2011/2xxx/CVE-2011-2327.json +++ b/2011/2xxx/CVE-2011-2327.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows local users to affect confidentiality via unknown vectors related to Delegated Administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50258" - }, - { - "name" : "76479", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76479" - }, - { - "name" : "46526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Communications 
Unified component in Oracle Sun Products Suite 7.0 allows local users to affect confidentiality via unknown vectors related to Delegated Administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76479", + "refsource": "OSVDB", + "url": "http://osvdb.org/76479" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "46526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46526" + }, + { + "name": "50258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50258" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2682.json b/2011/2xxx/CVE-2011-2682.json index 47f89dea3a0..ce2896d4453 100644 --- a/2011/2xxx/CVE-2011-2682.json +++ b/2011/2xxx/CVE-2011-2682.json 
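Review bot: The only value that changes in this hunk is `"ASSIGNER": "secalert_us@oracle.com"` (previously `cve@mitre.org`), but it is buried in a rewrite of all 77 lines that otherwise changes only the spacing around colons (and, it appears, the indentation) and the order of the four `reference_data` entries. The assigning authority is the part of a record a consumer would want to audit, so it would be easier to verify if the formatting normalization and reordering were committed separately from the data change, or if the commit message named the reassigned records. The same pattern appears in the hunks for CVE-2011-2683, CVE-2011-2874, CVE-2013-0323, CVE-2013-0578 and CVE-2013-1225. The new side also ends with `\ No newline at end of file` where the old side had a final newline; keeping the trailing newline would avoid a spurious last-line change in later syncs.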
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access with a new user account that has never been used for a DOORS login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg27020404", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg27020404" - }, - { - "name" : "PM38477", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM38477" - }, - { - "name" : "48520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48520" - }, - { - "name" : "rational-doors-login-dos(68484)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access with a new user account that has never been used for a DOORS login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM38477", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM38477" + }, + { + "name": "48520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48520" + }, + { + "name": "rational-doors-login-dos(68484)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68484" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg27020404", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg27020404" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2683.json b/2011/2xxx/CVE-2011-2683.json index 5cd5fa615d4..bccdf80f0bd 100644 --- a/2011/2xxx/CVE-2011-2683.json +++ b/2011/2xxx/CVE-2011-2683.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140208 Fwd: Old CVE ids, public, but still", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/08/5" - }, - { - "name" : "http://www.openwall.com/lists/oss-security/2011/07/06/8", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/06/8" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/reseed/+bug/804594", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/reseed/+bug/804594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "reseed seeds random numbers 
from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140208 Fwd: Old CVE ids, public, but still", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/08/5" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/reseed/+bug/804594", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/reseed/+bug/804594" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2011/07/06/8", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2011/07/06/8" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2756.json b/2011/2xxx/CVE-2011-2756.json index 7ee82a9505e..85cac720c58 100644 --- a/2011/2xxx/CVE-2011-2756.json +++ b/2011/2xxx/CVE-2011-2756.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#543310", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/543310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#543310", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/543310" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2874.json b/2011/2xxx/CVE-2011-2874.json index efdb9486839..d84a972b0b6 100644 --- a/2011/2xxx/CVE-2011-2874.json +++ b/2011/2xxx/CVE-2011-2874.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=95917", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=95917" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" - }, - { - "name" : "75567", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75567" - }, - { - "name" : "oval:org.mitre.oval:def:14454", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14454" - }, - { - "name" : "chrome-cert-code-execution(69892)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/69892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75567", + "refsource": "OSVDB", + "url": "http://osvdb.org/75567" + }, + { + "name": "chrome-cert-code-execution(69892)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69892" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=95917", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=95917" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" + }, + { + "name": "oval:org.mitre.oval:def:14454", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14454" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0323.json b/2013/0xxx/CVE-2013-0323.json index d02f3ac17b8..917686876c7 100644 --- a/2013/0xxx/CVE-2013-0323.json +++ b/2013/0xxx/CVE-2013-0323.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/21/5" - }, - { - "name" : "http://drupal.org/node/1922438", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1922438" - }, - { - "name" : "http://drupal.org/node/1922424", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1922424" - }, - { - "name" : "http://drupal.org/node/1922430", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1922430" - }, - { - "name" : "http://drupalcode.org/project/ds.git/commitdiff/45d490e", - "refsource" : "CONFIRM", - "url" : 
"http://drupalcode.org/project/ds.git/commitdiff/45d490e" - }, - { - "name" : "http://drupalcode.org/project/ds.git/commitdiff/665c791", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/ds.git/commitdiff/665c791" - }, - { - "name" : "http://drupalcode.org/project/ds.git/commitdiff/90bcd8f", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/ds.git/commitdiff/90bcd8f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5" + }, + { + "name": "http://drupalcode.org/project/ds.git/commitdiff/45d490e", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/ds.git/commitdiff/45d490e" + }, + { + "name": "http://drupal.org/node/1922430", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1922430" + }, + { + "name": "http://drupalcode.org/project/ds.git/commitdiff/90bcd8f", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/ds.git/commitdiff/90bcd8f" + }, + { + "name": "http://drupal.org/node/1922424", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1922424" + }, + { + "name": "http://drupal.org/node/1922438", + "refsource": "MISC", + "url": "http://drupal.org/node/1922438" + }, + { + "name": "http://drupalcode.org/project/ds.git/commitdiff/665c791", + "refsource": "CONFIRM", + "url": 
"http://drupalcode.org/project/ds.git/commitdiff/665c791" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0578.json b/2013/0xxx/CVE-2013-0578.json index 0ace760c4b4..c92d085c31a 100644 --- a/2013/0xxx/CVE-2013-0578.json +++ b/2013/0xxx/CVE-2013-0578.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21636034", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21636034" - }, - { - "name" : "IC91829", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC91829" - }, - { - "name" : "ibm-sterling-cve20130578-info-disclosure(83330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83330" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IC91829", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC91829" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21636034", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21636034" + }, + { + "name": "ibm-sterling-cve20130578-info-disclosure(83330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83330" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0826.json b/2013/0xxx/CVE-2013-0826.json index 8c2507b115b..55c1b234bb6 100644 --- a/2013/0xxx/CVE-2013-0826.json +++ b/2013/0xxx/CVE-2013-0826.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0826", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0826", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1207.json b/2013/1xxx/CVE-2013-1207.json index 1f56a4f5615..aa16ee9005d 100644 --- a/2013/1xxx/CVE-2013-1207.json +++ b/2013/1xxx/CVE-2013-1207.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1207", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1207", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1225.json b/2013/1xxx/CVE-2013-1225.json index 86b0bea2b6e..2f0050a0e7e 100644 --- a/2013/1xxx/CVE-2013-1225.json +++ b/2013/1xxx/CVE-2013-1225.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130508 Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in 
conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130508 Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1363.json b/2013/1xxx/CVE-2013-1363.json index d7c8134e185..7584ce656b0 100644 --- a/2013/1xxx/CVE-2013-1363.json +++ b/2013/1xxx/CVE-2013-1363.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1363", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1363", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1887.json b/2013/1xxx/CVE-2013-1887.json index c91605c0ebd..00db60d82e0 100644 --- a/2013/1xxx/CVE-2013-1887.json +++ b/2013/1xxx/CVE-2013-1887.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Mar/193" - }, - { - "name" : "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/22/8" - }, - { - "name" : "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/25/4" - }, - { - "name" : 
"http://drupal.org/node/1948358", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1948358" - }, - { - "name" : "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html" - }, - { - "name" : "http://drupal.org/node/1948354", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1948354" - }, - { - "name" : "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac" - }, - { - "name" : "58621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58621" - }, - { - "name" : "91576", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/91576" - }, - { - "name" : "51540", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51540", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51540" + }, + { + "name": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html" + }, + { + "name": "http://drupal.org/node/1948358", + "refsource": "MISC", + "url": "http://drupal.org/node/1948358" + }, + { + "name": "91576", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/91576" + }, + { + "name": "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/25/4" + }, + { + "name": "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Mar/193" + }, + { + "name": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac" + }, + { + "name": "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/22/8" + }, + { + "name": "58621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58621" + }, + { + "name": "http://drupal.org/node/1948354", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1948354" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3108.json b/2013/3xxx/CVE-2013-3108.json index 45536ab7c04..4d1e0919bd6 100644 
--- a/2013/3xxx/CVE-2013-3108.json +++ b/2013/3xxx/CVE-2013-3108.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3108", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3108", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3742.json b/2013/3xxx/CVE-2013-3742.json index 1dc2079222d..fa8c239aea9 100644 --- a/2013/3xxx/CVE-2013-3742.json +++ b/2013/3xxx/CVE-2013-3742.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/9b3551601ce714adb5e3f428476052f0ec6093bf", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/9b3551601ce714adb5e3f428476052f0ec6093bf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in view_create.php (aka 
the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/9b3551601ce714adb5e3f428476052f0ec6093bf", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/9b3551601ce714adb5e3f428476052f0ec6093bf" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4224.json b/2013/4xxx/CVE-2013-4224.json index eac691faf38..cdfefe8bb13 100644 --- a/2013/4xxx/CVE-2013-4224.json +++ b/2013/4xxx/CVE-2013-4224.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4224", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4224", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4311.json b/2013/4xxx/CVE-2013-4311.json index 5bf4dfcb1a8..49699701566 100644 --- a/2013/4xxx/CVE-2013-4311.json +++ b/2013/4xxx/CVE-2013-4311.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/18/6" - }, - { - "name" : "http://wiki.libvirt.org/page/Maintenance_Releases", - "refsource" : "CONFIRM", - "url" : "http://wiki.libvirt.org/page/Maintenance_Releases" - }, - { - "name" : "RHSA-2013:1272", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1272.html" - }, - { - "name" : "RHSA-2013:1460", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1460.html" - }, - { - "name" : "openSUSE-SU-2013:1549", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html" - }, - { - "name" : "openSUSE-SU-2013:1550", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html" - }, - { - "name" : "USN-1954-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1954-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1954-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1954-1" + }, + { + "name": "http://wiki.libvirt.org/page/Maintenance_Releases", + "refsource": "CONFIRM", + "url": "http://wiki.libvirt.org/page/Maintenance_Releases" + }, + { + "name": "[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/18/6" + }, + { + "name": "RHSA-2013:1272", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1272.html" + }, + { + "name": "RHSA-2013:1460", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html" + }, + { + "name": "openSUSE-SU-2013:1550", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html" + }, + { + "name": "openSUSE-SU-2013:1549", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html" + } + ] + } +} \ No newline at 
end of file diff --git a/2013/4xxx/CVE-2013-4622.json b/2013/4xxx/CVE-2013-4622.json index 7e9f9e26e72..86596316720 100644 --- a/2013/4xxx/CVE-2013-4622.json +++ b/2013/4xxx/CVE-2013-4622.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf", - "refsource" : "MISC", - "url" : "http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf" - }, - { - "name" : "http://support.verizonwireless.com/clc/devices/knowledge_base.html?id=35523", - "refsource" : "CONFIRM", - "url" : "http://support.verizonwireless.com/clc/devices/knowledge_base.html?id=35523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain 
access by leveraging a position within the WLAN coverage area." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf", + "refsource": "MISC", + "url": "http://www1.cs.fau.de/filepool/projects/hotspot/hotspot.pdf" + }, + { + "name": "http://support.verizonwireless.com/clc/devices/knowledge_base.html?id=35523", + "refsource": "CONFIRM", + "url": "http://support.verizonwireless.com/clc/devices/knowledge_base.html?id=35523" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12162.json b/2017/12xxx/CVE-2017-12162.json index 11813b8950e..00a282e0fc8 100644 --- a/2017/12xxx/CVE-2017-12162.json +++ b/2017/12xxx/CVE-2017-12162.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12162", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12162", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/12xxx/CVE-2017-12796.json b/2017/12xxx/CVE-2017-12796.json index 0c03a668c0f..bd20e0b8731 100644 --- a/2017/12xxx/CVE-2017-12796.json +++ b/2017/12xxx/CVE-2017-12796.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html", - "refsource" : "MISC", - "url" : "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html" - }, - { - "name" : "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291", - "refsource" : "MISC", - "url" : "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291" - }, - { - "name" : "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1", - "refsource" : "MISC", - "url" : 
"https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291", + "refsource": "MISC", + "url": "https://talk.openmrs.org/t/critical-security-advisory-2017-09-12/13291" + }, + { + "name": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1", + "refsource": "MISC", + "url": "https://wiki.openmrs.org/display/RES/Release+Notes+2.6.1" + }, + { + "name": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html", + "refsource": "MISC", + "url": "https://isears.github.io/jekyll/update/2017/10/21/openmrs-rce.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12944.json b/2017/12xxx/CVE-2017-12944.json index d01b05cde42..a96dce3e792 100644 --- a/2017/12xxx/CVE-2017-12944.json +++ b/2017/12xxx/CVE-2017-12944.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2725", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2725" - }, - { - "name" : "DSA-4100", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4100" - }, - { - "name" : "USN-3602-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3602-1/" - }, - { - "name" : "USN-3606-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3606-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3606-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3606-1/" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2725", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2725" + }, + { + "name": "USN-3602-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3602-1/" + }, + { + "name": "DSA-4100", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4100" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12950.json b/2017/12xxx/CVE-2017-12950.json index f1a790958ce..12d78bfa9a5 100644 --- a/2017/12xxx/CVE-2017-12950.json +++ b/2017/12xxx/CVE-2017-12950.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42546", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42546/" - }, - { - "name" : "20170822 libgig-LinuxSampler multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Aug/39" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170822 libgig-LinuxSampler multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Aug/39" + }, + { + "name": "42546", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42546/" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13083.json b/2017/13xxx/CVE-2017-13083.json index ac8d26c4b68..32b84ccf1bd 100644 --- a/2017/13xxx/CVE-2017-13083.json +++ b/2017/13xxx/CVE-2017-13083.json 
@@ -1,130 +1,130 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-13083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-13083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rufus", + "version": { + "version_data": [ + { + "platform": "", + "version_value": "prior to 2.17.1187" + } + ] + } + } + ] + }, + "vendor_name": "Akeo Consulting" + } + ] + } + }, + "configuration": [], + "credit": [ + "Reported by Will Dormann of the CERT/CC" + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Rufus", - "version" : { - "version_data" : [ - { - "platform" : "", - "version_value" : "prior to 2.17.1187" - } - ] - } - } - ] - }, - "vendor_name" : "Akeo Consulting" + "lang": "eng", + "value": "Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code" } - ] - } - }, - "configuration" : [], - "credit" : [ - "Reported by Will Dormann of the CERT/CC" - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code" - } - ] - }, - "exploit" : "", - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - 
"scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295: Improper Certificate Validation\n" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-494: Download of Code Without Integrity Check" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-345: Insufficient Verification of Data Authenticity" - } - ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-347: Improper Verification of Cryptographic Signature" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cb", - "refsource" : "CONFIRM", - "url" : "https://github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cb" - }, - { - "name" : "https://github.com/pbatard/rufus/issues/1009", - "refsource" : "CONFIRM", - "url" : "https://github.com/pbatard/rufus/issues/1009" - }, - { - "name" : "VU#403768", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/403768" - }, - { - "name" : "100516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100516" - } - ] - }, - "solution" : "Upgrade to Akeo Consulting Rufus version 2.17.1187 or later", - "work_around" : [ - { - "lang" : "eng", - "value" : "Manually download updates from https://rufus.akeo.ie/" - } - ] -} + ] + }, + "exploit": "", + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": 
{ + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295: Improper Certificate Validation\n" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-494: Download of Code Without Integrity Check" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-345: Insufficient Verification of Data Authenticity" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#403768", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/403768" + }, + { + "name": "https://github.com/pbatard/rufus/issues/1009", + "refsource": "CONFIRM", + "url": "https://github.com/pbatard/rufus/issues/1009" + }, + { + "name": "100516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100516" + }, + { + "name": "https://github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cb", + "refsource": "CONFIRM", + "url": "https://github.com/pbatard/rufus/commit/c3c39f7f8a11f612c4ebf7affce25ec6928eb1cb" + } + ] + }, + "solution": "Upgrade to Akeo Consulting Rufus version 2.17.1187 or later", + "work_around": [ + { + "lang": "eng", + "value": "Manually download updates from https://rufus.akeo.ie/" + } + ] +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13588.json b/2017/13xxx/CVE-2017-13588.json index 46cf17eebf5..3ae7d17a26e 100644 --- a/2017/13xxx/CVE-2017-13588.json +++ b/2017/13xxx/CVE-2017-13588.json 
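Review bot: In the CVE-2017-13083 record the `impact.cvss` block rates confidentiality and availability as `NONE` (`C:N/I:H/A:N`, `baseScore` 5.3), while the description on the same record says the flaw lets an attacker get a user to execute arbitrary code. If code execution is the intended impact, the vector would normally read `C:H/I:H/A:H` with `baseScore` and `baseSeverity` recomputed; as published, anyone triaging on the score alone will rank an unverified-update issue as medium. The score belongs to the assigning CNA, so this is something to raise upstream rather than edit in the sync. Separately, the first problemtype value ends in a literal `\n` (`"CWE-295: Improper Certificate Validation\n"`), which breaks exact-match lookups on the CWE string.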
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-13588",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-13588",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/13xxx/CVE-2017-13609.json b/2017/13xxx/CVE-2017-13609.json
index 4988786e596..9c0878482dd 100644
--- a/2017/13xxx/CVE-2017-13609.json
+++ b/2017/13xxx/CVE-2017-13609.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-13609",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-13609",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/13xxx/CVE-2017-13931.json b/2017/13xxx/CVE-2017-13931.json
index c07f01490d6..3fc2914f25b 100644
--- a/2017/13xxx/CVE-2017-13931.json
+++ b/2017/13xxx/CVE-2017-13931.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-13931",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-13931",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/16xxx/CVE-2017-16000.json b/2017/16xxx/CVE-2017-16000.json
index 0c253e5ae2d..f8e60f396a7 100644
--- a/2017/16xxx/CVE-2017-16000.json
+++ b/2017/16xxx/CVE-2017-16000.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_capacity_per_label_index.php-SQL%20injection%20vulnerability", - "refsource" : "MISC", - "url" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_capacity_per_label_index.php-SQL%20injection%20vulnerability" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_capacity_per_label_index.php-SQL%20injection%20vulnerability", + "refsource": "MISC", + "url": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_capacity_per_label_index.php-SQL%20injection%20vulnerability" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16593.json b/2017/16xxx/CVE-2017-16593.json index 0c48b4ee968..b7aa5999efb 100644 --- a/2017/16xxx/CVE-2017-16593.json +++ b/2017/16xxx/CVE-2017-16593.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetGain Systems Enterprise Manager", - "version" : { - "version_data" : [ - { - "version_value" : "7.2.730 build 1034" - } - ] - } - } - ] - }, - "vendor_name" : "NetGain Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetGain Systems Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "7.2.730 build 1034" + } + ] + } + } + ] + }, + "vendor_name": "NetGain Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-958", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-958", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-958" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16595.json b/2017/16xxx/CVE-2017-16595.json index 1e589e257dc..a5162784c5c 100644 --- a/2017/16xxx/CVE-2017-16595.json +++ b/2017/16xxx/CVE-2017-16595.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetGain Systems Enterprise Manager", - "version" : { - "version_data" : [ - { - "version_value" : "7.2.730 build 1034" - } - ] - } - } - ] - }, - "vendor_name" : "NetGain Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5118." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetGain Systems Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "7.2.730 build 1034" + } + ] + } + } + ] + }, + "vendor_name": "NetGain Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-960", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5118." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-960", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-960" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16945.json b/2017/16xxx/CVE-2017-16945.json index 8002939093b..65db5b4f339 100644 --- a/2017/16xxx/CVE-2017-16945.json +++ b/2017/16xxx/CVE-2017-16945.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43926", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43926/" - }, - { - "name" : "http://packetstormsecurity.com/files/146159/Arq-5.10-Local-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/146159/Arq-5.10-Local-Privilege-Escalation.html" - }, - { - "name" : "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html", - "refsource" : "MISC", - "url" : "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The standardrestorer binary in Arq 5.10 and 
earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43926", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43926/" + }, + { + "name": "http://packetstormsecurity.com/files/146159/Arq-5.10-Local-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/146159/Arq-5.10-Local-Privilege-Escalation.html" + }, + { + "name": "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html", + "refsource": "MISC", + "url": "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17471.json b/2017/17xxx/CVE-2017-17471.json index 1727ec6d713..68cdcfb6910 100644 --- a/2017/17xxx/CVE-2017-17471.json +++ b/2017/17xxx/CVE-2017-17471.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82732140." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82732140", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82732140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82732140." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82732140", + "refsource": "MISC", + "url": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82732140" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17899.json b/2017/17xxx/CVE-2017-17899.json index 67db9b65e01..3e92df7fe5f 100644 --- a/2017/17xxx/CVE-2017-17899.json +++ b/2017/17xxx/CVE-2017-17899.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4628.json b/2017/4xxx/CVE-2017-4628.json
index 80c95f3e418..ea83733090e 100644
--- a/2017/4xxx/CVE-2017-4628.json
+++ b/2017/4xxx/CVE-2017-4628.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4628",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4628",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4726.json b/2017/4xxx/CVE-2017-4726.json
index 4fdf4f6b722..b6e31eee675 100644
--- a/2017/4xxx/CVE-2017-4726.json
+++ b/2017/4xxx/CVE-2017-4726.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4726",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4726",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18496.json b/2018/18xxx/CVE-2018-18496.json
index 2c9977d7bed..b5a8dbb7f0c 100644
--- a/2018/18xxx/CVE-2018-18496.json
+++ b/2018/18xxx/CVE-2018-18496.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-18496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "64" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedded feed preview page can be abused for clickjacking" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-18496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "64" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1422231", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1422231" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-29/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-29/" - }, - { - "name" : "106167", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/106167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedded feed preview page can be abused for clickjacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-29/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-29/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1422231", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1422231" + }, + { + "name": "106167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106167" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18706.json b/2018/18xxx/CVE-2018-18706.json index 9afe4dbf276..20446ea600a 100644 --- a/2018/18xxx/CVE-2018-18706.json +++ b/2018/18xxx/CVE-2018-18706.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the \"page\" parameter of the function \"fromDhcpListClient\" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-06/Tenda.md", - "refsource" : "MISC", - "url" : "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-06/Tenda.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, 
AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the \"page\" parameter of the function \"fromDhcpListClient\" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-06/Tenda.md", + "refsource": "MISC", + "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-06/Tenda.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18922.json b/2018/18xxx/CVE-2018-18922.json index b3e6fdff981..fc1abbcfeaf 100644 --- a/2018/18xxx/CVE-2018-18922.json +++ b/2018/18xxx/CVE-2018-18922.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45892", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45892" - }, - { - "name" : "https://hackpuntes.com/cve-2018-18922-ticketly-1-0-escalacion-de-privilegios-crear-cuenta-administrador/", - "refsource" : "MISC", - "url" : "https://hackpuntes.com/cve-2018-18922-ticketly-1-0-escalacion-de-privilegios-crear-cuenta-administrador/" - }, - { - "name" : "https://medium.com/@javierolmedo/cve-2018-18922-ticketly-1-0-privilege-escalation-add-admin-4d1b3696f367", - "refsource" : "MISC", - "url" : "https://medium.com/@javierolmedo/cve-2018-18922-ticketly-1-0-privilege-escalation-add-admin-4d1b3696f367" - }, - { - "name" : "https://0day.today/exploit/31658", - "refsource" : "MISC", - "url" : "https://0day.today/exploit/31658" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45892", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45892" + }, + { + "name": "https://0day.today/exploit/31658", + "refsource": "MISC", + "url": "https://0day.today/exploit/31658" + }, + { + "name": "https://medium.com/@javierolmedo/cve-2018-18922-ticketly-1-0-privilege-escalation-add-admin-4d1b3696f367", + "refsource": "MISC", + "url": "https://medium.com/@javierolmedo/cve-2018-18922-ticketly-1-0-privilege-escalation-add-admin-4d1b3696f367" + }, + { + "name": "https://hackpuntes.com/cve-2018-18922-ticketly-1-0-escalacion-de-privilegios-crear-cuenta-administrador/", + "refsource": "MISC", + "url": "https://hackpuntes.com/cve-2018-18922-ticketly-1-0-escalacion-de-privilegios-crear-cuenta-administrador/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1014.json b/2018/1xxx/CVE-2018-1014.json index 51875c1adee..d0f8e3455ea 100644 --- a/2018/1xxx/CVE-2018-1014.json +++ b/2018/1xxx/CVE-2018-1014.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-1014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Enterprise Server 2013 Service Pack 1" - }, - { - "version_value" : "Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-1014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Enterprise Server 2013 Service Pack 1" + }, + { + "version_value": "Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1014", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1014" - }, - { - "name" : "103638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103638" - }, - { - "name" : "1040666", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103638" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1014", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1014" + }, + { + "name": "1040666", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040666" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1386.json b/2018/1xxx/CVE-2018-1386.json index 9175a9f2b25..7299184df57 100644 --- a/2018/1xxx/CVE-2018-1386.json +++ b/2018/1xxx/CVE-2018-1386.json 
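Review bot: The `ASSIGNER` value changes from `Secure@Microsoft.com` to `secure@microsoft.com` inside what is otherwise a formatting-only rewrite, and the `reference_data` entries are reordered (the BID entry now precedes CONFIRM). Neither change alters the advisory's meaning, but a consumer that groups or filters records by exact `ASSIGNER` string would presumably see two different assigners unless it compares case-insensitively. The reference reordering also appears in the CVE-2018-18922, CVE-2018-5020, CVE-2018-5661 and CVE-2018-5675 hunks. It would help to land value normalisation and reordering separately from the whitespace change, or to state in the commit message that the sync lowercases assigner addresses, so that a data change in a vulnerability record is not hidden among indentation-only lines.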
@@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2018-1386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Workload Scheduler", - "version" : { - "version_data" : [ - { - "version_value" : "8.6" - }, - { - "version_value" : "9.1" - }, - { - "version_value" : "9.2" - }, - { - "version_value" : "9.3" - }, - { - "version_value" : "9.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "H", - "AV" : "L", - "C" : "H", - "I" : "H", - "PR" : "N", - "S" : "U", - "SCORE" : "7.400", - "UI" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2018-1386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Workload Scheduler", + "version": { + "version_data": [ + { + "version_value": "8.6" + }, + { + "version_value": "9.1" + }, + { + "version_value": "9.2" + }, + { + "version_value": "9.3" + }, + { + "version_value": "9.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012171", - "refsource" : "CONFIRM", - "url" : 
"http://www.ibm.com/support/docview.wss?uid=swg22012171" - }, - { - "name" : "ibm-tivoli-cve20181386-improper-perms(138208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "H", + "AV": "L", + "C": "H", + "I": "H", + "PR": "N", + "S": "U", + "SCORE": "7.400", + "UI": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012171", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012171" + }, + { + "name": "ibm-tivoli-cve20181386-improper-perms(138208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138208" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1866.json b/2018/1xxx/CVE-2018-1866.json index 42ce604386c..976a163dde9 100644 --- a/2018/1xxx/CVE-2018-1866.json +++ b/2018/1xxx/CVE-2018-1866.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1866", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1866", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1990.json b/2018/1xxx/CVE-2018-1990.json index baef2204d53..ade5f5b2b91 100644 --- a/2018/1xxx/CVE-2018-1990.json +++ b/2018/1xxx/CVE-2018-1990.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1990", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1990", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5020.json b/2018/5xxx/CVE-2018-5020.json index 84f1d155369..244d77a3fa3 100644 --- a/2018/5xxx/CVE-2018-5020.json +++ b/2018/5xxx/CVE-2018-5020.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104701" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + }, + { + "name": "104701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104701" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5219.json b/2018/5xxx/CVE-2018-5219.json index 4bd9b7b5b10..31f92dcc23b 100644 --- a/2018/5xxx/CVE-2018-5219.json +++ b/2018/5xxx/CVE-2018-5219.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_83002168", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_83002168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_83002168", + "refsource": "MISC", + "url": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_83002168" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5312.json b/2018/5xxx/CVE-2018-5312.json index 4383e99311c..c70705a5972 100644 --- a/2018/5xxx/CVE-2018-5312.json +++ b/2018/5xxx/CVE-2018-5312.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/tabs-responsive.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/tabs-responsive.md" - }, - { - "name" : "https://wordpress.org/support/topic/stored-xss-bugs-at-the-latest-version-of-tabs-responsive/", - "refsource" : "MISC", - "url" : "https://wordpress.org/support/topic/stored-xss-bugs-at-the-latest-version-of-tabs-responsive/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/tabs-responsive.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/tabs-responsive.md" + }, + { + "name": "https://wordpress.org/support/topic/stored-xss-bugs-at-the-latest-version-of-tabs-responsive/", + "refsource": "MISC", + "url": "https://wordpress.org/support/topic/stored-xss-bugs-at-the-latest-version-of-tabs-responsive/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5640.json b/2018/5xxx/CVE-2018-5640.json index 8dc17580abb..efe586d5b30 100644 --- a/2018/5xxx/CVE-2018-5640.json +++ b/2018/5xxx/CVE-2018-5640.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5640", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5640", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/5xxx/CVE-2018-5661.json b/2018/5xxx/CVE-2018-5661.json index 5abf512a87f..ebdab6e4c7f 100644 --- a/2018/5xxx/CVE-2018-5661.json +++ b/2018/5xxx/CVE-2018-5661.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_width parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9010", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_width parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/9010", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9010" + }, + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5675.json b/2018/5xxx/CVE-2018-5675.json index c99ccfc74d0..7bc37401dca 100644 --- a/2018/5xxx/CVE-2018-5675.json +++ b/2018/5xxx/CVE-2018-5675.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://srcincite.io/advisories/src-2018-0013/", - "refsource" : "MISC", - "url" : "https://srcincite.io/advisories/src-2018-0013/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - }, - { - "name" : "104300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "104300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104300" + }, + { + "name": "https://srcincite.io/advisories/src-2018-0013/", + "refsource": "MISC", + "url": "https://srcincite.io/advisories/src-2018-0013/" + } + ] + } +} \ No newline at end of file