diff --git a/2001/0xxx/CVE-2001-0002.json b/2001/0xxx/CVE-2001-0002.json index 305069630f6..eaa94bd43d7 100644 --- a/2001/0xxx/CVE-2001-0002.json +++ b/2001/0xxx/CVE-2001-0002.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-015", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015" - }, - { - "name" : "http://www.guninski.com/chmtempmain.html", - "refsource" : "MISC", - "url" : "http://www.guninski.com/chmtempmain.html" - }, - { - "name" : "2456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2456" - }, - { - "name" : "7823", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7823" - }, - { - "name" : "oval:org.mitre.oval:def:920", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920" - }, - { - "name" : "ie-chm-execute-files(5567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:920", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920" + }, + { + "name": "7823", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7823" + }, + { + "name": "MS01-015", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015" + }, + { + "name": "ie-chm-execute-files(5567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5567" + }, + { + "name": "2456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2456" + }, + { + "name": "http://www.guninski.com/chmtempmain.html", + "refsource": "MISC", + "url": "http://www.guninski.com/chmtempmain.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0253.json b/2001/0xxx/CVE-2001-0253.json index 8fa034944d4..b65a6d6ae15 100644 --- a/2001/0xxx/CVE-2001-0253.json +++ b/2001/0xxx/CVE-2001-0253.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010128 Hyperseek 2000 Search Engine - \"show directory & files\" bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0463.html" - }, - { - "name" : "VU#146704", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/146704" - }, - { - "name" : "2314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2314" - }, - { - "name" : "hyperseek-cgi-reveal-info(6012)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#146704", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/146704" + }, + { + "name": "2314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2314" + }, + { + "name": "20010128 Hyperseek 2000 Search Engine - \"show directory & files\" bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0463.html" + }, + { + "name": "hyperseek-cgi-reveal-info(6012)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6012" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0516.json b/2001/0xxx/CVE-2001-0516.json index 13be33b8262..49ebb90689a 100644 --- a/2001/0xxx/CVE-2001-0516.json +++ b/2001/0xxx/CVE-2001-0516.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise82.php" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise82.php" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0667.json b/2001/0xxx/CVE-2001-0667.json index d4a78a56402..1f1d4a5baae 100644 --- a/2001/0xxx/CVE-2001-0667.json +++ b/2001/0xxx/CVE-2001-0667.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051" - }, - { - "name" : "M-024", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-024.shtml" - }, - { - "name" : "VU#952611", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/952611" - }, - { - "name" : "ie-telnet-command-execution-variant(7260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#952611", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/952611" + }, + { + "name": "MS01-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051" + }, + { + "name": "ie-telnet-command-execution-variant(7260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7260" + }, + { + "name": "M-024", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-024.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0754.json b/2001/0xxx/CVE-2001-0754.json index 5b28f305a59..9716bdc4552 100644 --- a/2001/0xxx/CVE-2001-0754.json +++ b/2001/0xxx/CVE-2001-0754.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010522 More Multiple Vulnerabilities in CBOS", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html" - }, - { - "name" : "cisco-cbos-multiple-echo(7299)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010522 More Multiple Vulnerabilities in CBOS", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html" + }, + { + "name": "cisco-cbos-multiple-echo(7299)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7299" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0771.json b/2001/0xxx/CVE-2001-0771.json index ccf53ef2e35..1d9f84f3cff 100644 --- a/2001/0xxx/CVE-2001-0771.json +++ b/2001/0xxx/CVE-2001-0771.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the \"loginpass\" field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010521 SpyAnywhere Authentication Bypassing Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/186006" - }, - { - "name" : "2755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2755" - }, - { - "name" : "spyanywhere-weak-authentication(6578)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the \"loginpass\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010521 SpyAnywhere Authentication Bypassing Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/186006" + }, + { + "name": "spyanywhere-weak-authentication(6578)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6578" + }, + { + "name": "2755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2755" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0924.json b/2001/0xxx/CVE-2001-0924.json index ce42df3ace5..d71edd38eda 100644 --- a/2001/0xxx/CVE-2001-0924.json +++ b/2001/0xxx/CVE-2001-0924.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011122 double dot vulnerability on a site running Informix database.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100654890029878&w=2" - }, - { - "name" : "20011127 Re: double dot vulnerability on a site running Informix database.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100688672019635&w=2" - }, - { - "name" : "3575", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3575" - }, - { - "name" : "informix-web-datablade-directory-traversal(7585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011127 Re: double dot vulnerability on a site running Informix database.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100688672019635&w=2" + }, + { + "name": "informix-web-datablade-directory-traversal(7585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7585" + }, + { + "name": "3575", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3575" + }, + { + "name": "20011122 double dot vulnerability on a site running Informix database.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100654890029878&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1567.json b/2001/1xxx/CVE-2001-1567.json index 6b29f8306e8..36fedbffa68 100644 --- a/2001/1xxx/CVE-2001-1567.json +++ b/2001/1xxx/CVE-2001-1567.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of \"+\" characters before the .nsf file extension, which are converted to spaces by Domino." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020203 Lotus Domino password bypass", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101284222932568&w=2" - }, - { - "name" : "20020204 Lotus Domino password bypass", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101286525008089&w=2" - }, - { - "name" : "20020204 Re: Lotus Domino password bypass", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101285903120879&w=2" - }, - { - "name" : "http://www.nextgenss.com/papers/hpldws.pdf", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/papers/hpldws.pdf" - }, - { - "name" : "4022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4022" - }, - { - "name" : "lotus-domino-auth-bypass(8072)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8072.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of \"+\" characters before the .nsf file extension, which are converted to spaces by Domino." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020204 Re: Lotus Domino password bypass", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101285903120879&w=2" + }, + { + "name": "20020203 Lotus Domino password bypass", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101284222932568&w=2" + }, + { + "name": "lotus-domino-auth-bypass(8072)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8072.php" + }, + { + "name": "20020204 Lotus Domino password bypass", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101286525008089&w=2" + }, + { + "name": "4022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4022" + }, + { + "name": "http://www.nextgenss.com/papers/hpldws.pdf", + "refsource": "MISC", + "url": "http://www.nextgenss.com/papers/hpldws.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2248.json b/2006/2xxx/CVE-2006-2248.json index a0f3e4c7d1a..e1f116a2efc 100644 --- a/2006/2xxx/CVE-2006-2248.json +++ b/2006/2xxx/CVE-2006-2248.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-20/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-20/advisory/" - }, - { - "name" : "17858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17858" - }, - { - "name" : "ADV-2006-1682", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1682" - }, - { - "name" : "25283", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25283" - }, - { - "name" : "19325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19325" - }, - { - "name" : "xeneo-script-source-disclosure(26294)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1682", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1682" + }, + { + "name": "http://secunia.com/secunia_research/2006-20/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-20/advisory/" + }, + { + "name": "19325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19325" + }, + { + "name": "xeneo-script-source-disclosure(26294)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26294" + }, + { + "name": "17858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17858" + }, + { + "name": "25283", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25283" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2503.json b/2006/2xxx/CVE-2006-2503.json index 8818fbe8397..f3485b31072 100644 --- a/2006/2xxx/CVE-2006-2503.json +++ b/2006/2xxx/CVE-2006-2503.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060515 DeluxeBB 1.06 Remote SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434040/100/0/threaded" - }, - { - "name" : "17989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17989" - }, - { - "name" : "ADV-2006-1823", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1823" - }, - { - "name" : "25529", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25529" - }, - { - "name" : "20104", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20104" - }, - { - "name" : "935", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/935" - }, - { - "name" : "deluxebb-misc-sql-injection(26469)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "deluxebb-misc-sql-injection(26469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26469" + }, + { + "name": "ADV-2006-1823", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1823" + }, + { + "name": "20104", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20104" + }, + { + "name": "17989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17989" + }, + { + "name": "20060515 DeluxeBB 1.06 Remote SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434040/100/0/threaded" + }, + { + "name": "935", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/935" + }, + { + "name": "25529", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25529" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2745.json b/2006/2xxx/CVE-2006-2745.json index fed9271c66d..d4eef9a4aad 100644 --- a/2006/2xxx/CVE-2006-2745.json +++ b/2006/2xxx/CVE-2006-2745.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple \"p-themes\" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060528 Advisory: F@cile Interactive Web <= 0.8x Multiple RemoteVulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435283/100/0/threaded" - }, - { - "name" : "http://www.nukedx.com/?getxpl=35", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?getxpl=35" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=35", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=35" - }, - { - "name" : "18149", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18149" - }, - { - "name" : "ADV-2006-2036", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2036" - }, - { - "name" : "26101", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26101" - }, - { - "name" : "26102", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26102" - }, - { - "name" : "26103", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26103" - }, - { - "name" : "20358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20358" - }, - { - "name" : "1010", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1010" - }, - { - "name" : "f@cile-peditpage-peditbox-file-include(26841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26841" - }, - { - "name" : "f@cile-themes-file-include(26854)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple \"p-themes\" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060528 Advisory: F@cile Interactive Web <= 0.8x Multiple RemoteVulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435283/100/0/threaded" + }, + { + "name": "f@cile-themes-file-include(26854)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26854" + }, + { + "name": "http://www.nukedx.com/?viewdoc=35", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=35" + }, + { + "name": "ADV-2006-2036", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2036" + }, + { + "name": "f@cile-peditpage-peditbox-file-include(26841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26841" + }, + { + "name": "http://www.nukedx.com/?getxpl=35", + "refsource": "MISC", + "url": "http://www.nukedx.com/?getxpl=35" + }, + { + "name": "26101", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26101" + }, + { + "name": "26103", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26103" + }, + { + "name": "18149", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18149" + }, + { + "name": "26102", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26102" + }, + { + "name": "20358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20358" + }, + { + "name": "1010", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1010" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2868.json b/2006/2xxx/CVE-2006-2868.json index 53fcba3a655..76499e89666 100644 --- a/2006/2xxx/CVE-2006-2868.json +++ b/2006/2xxx/CVE-2006-2868.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1877", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1877" - }, - { - "name" : "18265", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18265" - }, - { - "name" : "ADV-2006-2126", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2126" - }, - { - "name" : "25324", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25324" - }, - { - "name" : "25327", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25327" - }, - { - "name" : "20434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20434" - }, - { - "name" : "claroline-includepath-file-include(26909)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25324", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25324" + }, + { + "name": "18265", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18265" + }, + { + "name": "25327", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25327" + }, + { + "name": "claroline-includepath-file-include(26909)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26909" + }, + { + "name": "ADV-2006-2126", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2126" + }, + { + "name": "20434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20434" + }, + { + "name": "1877", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1877" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5922.json b/2008/5xxx/CVE-2008-5922.json index ef1e464bc00..672f6107fcf 100644 --- a/2008/5xxx/CVE-2008-5922.json +++ b/2008/5xxx/CVE-2008-5922.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081214 CFAGCMS Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499213/100/0/threaded" - }, - { - "name" : "7459", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7459" - }, - { - "name" : "http://www.bugreport.ir/index_58.htm", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/index_58.htm" - }, - { - "name" : "32817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32817" - }, - { - "name" : "4926", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.bugreport.ir/index_58.htm", + "refsource": "MISC", + "url": "http://www.bugreport.ir/index_58.htm" + }, + { + "name": "32817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32817" + }, + { + "name": "7459", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7459" + }, + { + "name": "4926", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4926" + }, + { + "name": "20081214 CFAGCMS Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499213/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2595.json b/2011/2xxx/CVE-2011-2595.json index 0252c2386ca..9ca18ab9ea1 100644 --- a/2011/2xxx/CVE-2011-2595.json +++ b/2011/2xxx/CVE-2011-2595.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2011-2595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "49558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49558" - }, - { - "name" : "75425", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75425" - }, - { - "name" : "44722", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44722" - }, - { - "name" : "fotoslate-plp-bo(69723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75425", + "refsource": "OSVDB", + "url": "http://osvdb.org/75425" + }, + { + "name": "fotoslate-plp-bo(69723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69723" + }, + { + "name": "44722", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44722" + }, + { + "name": "49558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49558" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2896.json b/2011/2xxx/CVE-2011-2896.json index 840e3ca77c6..de51d1ac948 100644 --- a/2011/2xxx/CVE-2011-2896.json +++ b/2011/2xxx/CVE-2011-2896.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110810 LZW decompression issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/10/10" - }, - { - "name" : "http://cups.org/str.php?L3867", - "refsource" : "CONFIRM", - "url" : "http://cups.org/str.php?L3867" - }, - { - "name" : "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc", - "refsource" : "CONFIRM", - "url" : "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=727800", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=727800" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=730338", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=730338" - }, - { - "name" : "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4", - "refsource" : "CONFIRM", - "url" : "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4" - }, - { - "name" : "DSA-2354", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2354" - }, - { - "name" : "DSA-2426", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2426" - }, - { - "name" : "FEDORA-2011-11173", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html" - }, - { - "name" : "FEDORA-2011-11197", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html" - }, - { - "name" : "FEDORA-2011-11221", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html" - }, - { - "name" : "FEDORA-2011-11229", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html" - }, - { - "name" : "FEDORA-2011-11305", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html" - }, - { - "name" : "FEDORA-2011-11318", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html" - }, - { - "name" : "GLSA-201209-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-23.xml" - }, - { - "name" : "MDVSA-2011:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146" - }, - { - "name" : "MDVSA-2011:167", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167" - }, - { - "name" : "RHSA-2011:1635", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1635.html" - }, - { - "name" : "RHSA-2012:1180", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1180.html" - }, - { - "name" : "RHSA-2012:1181", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1181.html" - }, - { - "name" : "USN-1207-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1207-1" - }, - { - "name" : "USN-1214-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1214-1" - }, - { - "name" : "49148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49148" - }, - { - "name" : "1025929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025929" - }, - { - "name" : "45621", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45621" - }, - { - "name" : "45945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45945" - }, - { - "name" : "45948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45948" - }, - { - "name" : "46024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46024" - }, - { - "name" : "45900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45900" - }, - { - "name" : "50737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50737" - }, - { - "name" : "48236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48236" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2426", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2426" + }, + { + "name": "FEDORA-2011-11318", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html" + }, + { + "name": "GLSA-201209-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml" + }, + { + "name": "http://cups.org/str.php?L3867", + "refsource": "CONFIRM", + "url": "http://cups.org/str.php?L3867" + }, + { + "name": "[oss-security] 20110810 LZW decompression issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10" + }, + { + "name": "USN-1207-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1207-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=727800", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800" + }, + { + "name": "RHSA-2012:1180", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html" + }, + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "DSA-2354", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2354" + }, + { + "name": "45948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45948" + }, + { + "name": "RHSA-2012:1181", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html" + }, + { + "name": "46024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46024" + }, + { + "name": "45900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45900" + }, + { + "name": "RHSA-2011:1635", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html" + }, + { + "name": "FEDORA-2011-11221", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html" + }, + { + "name": "FEDORA-2011-11173", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=730338", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338" + }, + { + "name": "49148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49148" + }, + { + "name": "MDVSA-2011:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146" + }, + { + "name": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4", + "refsource": "CONFIRM", + "url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4" + }, + { + "name": "FEDORA-2011-11305", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html" + }, + { + "name": "USN-1214-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1214-1" + }, + { + "name": "50737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50737" + }, + { + "name": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc", + "refsource": "CONFIRM", + "url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc" + }, + { + "name": "MDVSA-2011:167", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167" + }, + { + "name": "FEDORA-2011-11197", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html" + }, + { + "name": "FEDORA-2011-11229", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html" + }, + { + "name": "48236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48236" + }, + { + "name": "1025929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025929" + }, + { + "name": "45621", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45621" + }, + { + "name": "45945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45945" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3090.json b/2011/3xxx/CVE-2011-3090.json index cf28394ca87..5c71ce3568f 100644 --- a/2011/3xxx/CVE-2011-3090.json +++ b/2011/3xxx/CVE-2011-3090.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=121223", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=121223" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "GLSA-201205-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201205-03.xml" - }, - { - "name" : "openSUSE-SU-2012:0656", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" - }, - { - "name" : "53540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53540" - }, - { - "name" : "oval:org.mitre.oval:def:15605", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15605" - }, - { - "name" : "1027067", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027067" - }, - { - "name" : "google-chrome-wrokers-code-exec(75595)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201205-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201205-03.xml" + }, + { + "name": "oval:org.mitre.oval:def:15605", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15605" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "openSUSE-SU-2012:0656", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" + }, + { + "name": "1027067", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027067" + }, + { + "name": "google-chrome-wrokers-code-exec(75595)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75595" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" + }, + { + "name": "53540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53540" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=121223", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=121223" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4039.json b/2011/4xxx/CVE-2011-4039.json index 7a55fa6e3a1..364644c2b52 100644 --- a/2011/4xxx/CVE-2011-4039.json +++ b/2011/4xxx/CVE-2011-4039.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a \"write access violation.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf" - }, - { - "name" : "47742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47742" - }, - { - "name" : "47933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a \"write access violation.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf" + }, + { + "name": "47742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47742" + }, + { + "name": "47933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47933" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4487.json b/2011/4xxx/CVE-2011-4487.json index 41dd8162d2d..c04f5e97180 100644 --- a/2011/4xxx/CVE-2011-4487.json +++ b/2011/4xxx/CVE-2011-4487.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-4487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0089.json b/2013/0xxx/CVE-2013-0089.json index d7f633f28aa..768d8c7f5cf 100644 --- a/2013/0xxx/CVE-2013-0089.json +++ b/2013/0xxx/CVE-2013-0089.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021" - }, - { - "name" : "TA13-071A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A" - }, - { - "name" : "oval:org.mitre.oval:def:16587", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16587", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16587" + }, + { + "name": "TA13-071A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A" + }, + { + "name": "MS13-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0152.json b/2013/0xxx/CVE-2013-0152.json index 7c57ba00a0c..ceffd7febd1 100644 --- a/2013/0xxx/CVE-2013-0152.json +++ b/2013/0xxx/CVE-2013-0152.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130123 Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/01/23/8" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "1028032", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028032" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "1028032", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028032" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "[oss-security] 20130123 Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/01/23/8" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1026.json b/2013/1xxx/CVE-2013-1026.json index ae90936901c..8e3f8b63c8a 100644 --- a/2013/1xxx/CVE-2013-1026.json +++ b/2013/1xxx/CVE-2013-1026.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-1026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5880", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5880" - }, - { - "name" : "http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "APPLE-SA-2013-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "54886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54886" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "APPLE-SA-2013-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT5880", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5880" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1214.json b/2013/1xxx/CVE-2013-1214.json index 174d5486806..90807293292 100644 --- a/2013/1xxx/CVE-2013-1214.json +++ b/2013/1xxx/CVE-2013-1214.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130419 Cisco Unified Contact Center Express Editor Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130419 Cisco Unified Contact Center Express Editor Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1214" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1325.json b/2013/1xxx/CVE-2013-1325.json index b304dcb869e..b4f376509e5 100644 --- a/2013/1xxx/CVE-2013-1325.json +++ b/2013/1xxx/CVE-2013-1325.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka \"Word Heap Overwrite Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-091", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-091" - }, - { - "name" : "TA13-317A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-317A" - }, - { - "name" : "oval:org.mitre.oval:def:19321", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka \"Word Heap Overwrite Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-317A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-317A" + }, + { + "name": "oval:org.mitre.oval:def:19321", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19321" + }, + { + "name": "MS13-091", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-091" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1510.json b/2013/1xxx/CVE-2013-1510.json index 1b8ec9045ea..129d015930f 100644 --- a/2013/1xxx/CVE-2013-1510.json +++ b/2013/1xxx/CVE-2013-1510.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0419." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0419." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1624.json b/2013/1xxx/CVE-2013-1624.json index 78e2d0a37ad..8e54303a3fa 100644 --- a/2013/1xxx/CVE-2013-1624.json +++ b/2013/1xxx/CVE-2013-1624.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/02/05/24" - }, - { - "name" : "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", - "refsource" : "MISC", - "url" : "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" - }, - { - "name" : "RHSA-2014:0371", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0371.html" - }, - { - "name" : "RHSA-2014:0372", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0372.html" - }, - { - "name" : "57716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57716" - }, - { - "name" : "57719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", + "refsource": "MISC", + "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" + }, + { + "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/02/05/24" + }, + { + "name": "RHSA-2014:0371", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html" + }, + { + "name": "57719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57719" + }, + { + "name": "57716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57716" + }, + { + "name": "RHSA-2014:0372", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4395.json b/2013/4xxx/CVE-2013-4395.json index efe4f8a2f22..7f504edcb2e 100644 --- a/2013/4xxx/CVE-2013-4395.json +++ b/2013/4xxx/CVE-2013-4395.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4395", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4395", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5300.json b/2013/5xxx/CVE-2013-5300.json index 1136e19fb06..f7267444959 100644 --- a/2013/5xxx/CVE-2013-5300.json +++ b/2013/5xxx/CVE-2013-5300.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.alienvault.com/discussion/1609/patch-release-4-3-1", - "refsource" : "MISC", - "url" : "http://forums.alienvault.com/discussion/1609/patch-release-4-3-1" - }, - { - "name" : "http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html" - }, - { - "name" : "61456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61456" - }, - { - "name" : "95813", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/show/osvdb/95813" - }, - { - "name" : "95814", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/show/osvdb/95814" - }, - { - "name" : "95816", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/show/osvdb/95816" - }, - { - "name" : "95817", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/show/osvdb/95817" - }, - { - "name" : "95818", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/show/osvdb/95818" - }, - { - "name" : "54264", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54264" - }, - { - "name" : "54287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54287" - }, - { - "name" : "alienvault-ossim-multiple-xss(85994)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95814", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/show/osvdb/95814" + }, + { + "name": "95818", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/show/osvdb/95818" + }, + { + "name": "54264", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54264" + }, + { + "name": "95816", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/show/osvdb/95816" + }, + { + "name": "http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html" + }, + { + "name": "54287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54287" + }, + { + "name": "61456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61456" + }, + { + "name": "95813", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/show/osvdb/95813" + }, + { + "name": "alienvault-ossim-multiple-xss(85994)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85994" + }, + { + "name": "http://forums.alienvault.com/discussion/1609/patch-release-4-3-1", + "refsource": "MISC", + "url": "http://forums.alienvault.com/discussion/1609/patch-release-4-3-1" + }, + { + "name": "95817", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/show/osvdb/95817" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5653.json b/2013/5xxx/CVE-2013-5653.json index 7c0ad810abb..25be6f5e28a 100644 --- a/2013/5xxx/CVE-2013-5653.json +++ b/2013/5xxx/CVE-2013-5653.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getenv and filenameforall functions in Ghostscript 9.10 ignore the \"-dSAFER\" argument, which allows remote attackers to read data via a crafted postscript file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160929 Re: ImageMagick identify \"d:\" hangs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/29/28" - }, - { - "name" : "[oss-security] 20160929 Re: ImageMagick identify \"d:\" hangs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/29/5" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=694724", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=694724" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697169", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697169" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1380327", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1380327" - }, - { - "name" : "DSA-3691", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3691" - }, - { - "name" : "RHSA-2017:0013", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0013.html" - }, - { - "name" : "RHSA-2017:0014", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0014.html" - }, - { - "name" : "96497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getenv and filenameforall functions in Ghostscript 9.10 ignore the \"-dSAFER\" argument, which allows remote attackers to read data via a crafted postscript file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3691", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3691" + }, + { + "name": "RHSA-2017:0013", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0013.html" + }, + { + "name": "RHSA-2017:0014", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0014.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1380327", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380327" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697169", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697169" + }, + { + "name": "[oss-security] 20160929 Re: ImageMagick identify \"d:\" hangs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/29/28" + }, + { + "name": "96497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96497" + }, + { + "name": "[oss-security] 20160929 Re: ImageMagick identify \"d:\" hangs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/29/5" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=694724", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=694724" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5688.json b/2013/5xxx/CVE-2013-5688.json index 67d8cd534e2..e094b2f4deb 100644 --- a/2013/5xxx/CVE-2013-5688.json +++ b/2013/5xxx/CVE-2013-5688.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt" - }, - { - "name" : "http://ajaxplorer.info/ajaxplorer-core-5-0-3/", - "refsource" : "CONFIRM", - "url" : "http://ajaxplorer.info/ajaxplorer-core-5-0-3/" - }, - { - "name" : "97022", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ajaxplorer.info/ajaxplorer-core-5-0-3/", + "refsource": "CONFIRM", + "url": "http://ajaxplorer.info/ajaxplorer-core-5-0-3/" + }, + { + "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt", + "refsource": "MISC", + "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-027.txt" + }, + { + "name": "97022", + "refsource": "OSVDB", + "url": "http://osvdb.org/97022" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5701.json b/2013/5xxx/CVE-2013-5701.json index c02766cd961..54949ef62c5 100644 --- a/2013/5xxx/CVE-2013-5701.json +++ b/2013/5xxx/CVE-2013-5701.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130908 [CVE-2013-5701] Watchguard Server Center v11.7.4 wgpr.dll Insecure Library Loading Local Privilege Escalation Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Sep/43" - }, - { - "name" : "https://www.rcesecurity.com/2013/09/cve-2013-5701-watchguard-server-center-v11-7-4-wgpr-dll-local-privileges-escalation-vulnerability", - "refsource" : "MISC", - "url" : "https://www.rcesecurity.com/2013/09/cve-2013-5701-watchguard-server-center-v11-7-4-wgpr-dll-local-privileges-escalation-vulnerability" - }, - { - "name" : "1028992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130908 [CVE-2013-5701] Watchguard Server Center v11.7.4 wgpr.dll Insecure Library Loading Local Privilege Escalation Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Sep/43" + }, + { + "name": "https://www.rcesecurity.com/2013/09/cve-2013-5701-watchguard-server-center-v11-7-4-wgpr-dll-local-privileges-escalation-vulnerability", + "refsource": "MISC", + "url": "https://www.rcesecurity.com/2013/09/cve-2013-5701-watchguard-server-center-v11-7-4-wgpr-dll-local-privileges-escalation-vulnerability" + }, + { + "name": "1028992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028992" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0419.json b/2017/0xxx/CVE-2017-0419.json index 21d2f47a516..fc1b4bdee0a 100644 --- a/2017/0xxx/CVE-2017-0419.json +++ b/2017/0xxx/CVE-2017-0419.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96055" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "96055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96055" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0420.json b/2017/0xxx/CVE-2017-0420.json index eb3e7f82785..937cc991d73 100644 --- a/2017/0xxx/CVE-2017-0420.json +++ b/2017/0xxx/CVE-2017-0420.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96093" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96093" + }, + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0558.json b/2017/0xxx/CVE-2017-0558.json index cdc78222f81..23a66fa643e 100644 --- a/2017/0xxx/CVE-2017-0558.json +++ b/2017/0xxx/CVE-2017-0558.json @@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97332" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122" + }, + { + "name": "97332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97332" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0579.json b/2017/0xxx/CVE-2017-0579.json index 37d36eb490b..e7301dc2d79 100644 --- a/2017/0xxx/CVE-2017-0579.json +++ b/2017/0xxx/CVE-2017-0579.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97339" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34125463. References: QC-CR#1115406." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97339" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0838.json b/2017/0xxx/CVE-2017-0838.json index e6b07de9b67..bdc3151e14e 100644 --- a/2017/0xxx/CVE-2017-0838.json +++ b/2017/0xxx/CVE-2017-0838.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000127.json b/2017/1000xxx/CVE-2017-1000127.json index bdf38c1da42..0b3d40e6abb 100644 --- a/2017/1000xxx/CVE-2017-1000127.json +++ b/2017/1000xxx/CVE-2017-1000127.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.340860", - "ID" : "CVE-2017-1000127", - "REQUESTER" : "hanno@hboeck.de", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "exiv2", - "version" : { - "version_data" : [ - { - "version_value" : "0.26" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exiv2 0.26 contains a heap buffer overflow in tiff parser" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.340860", + "ID": "CVE-2017-1000127", + "REQUESTER": "hanno@hboeck.de", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170630 exiv2: multiple memory safety issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/06/30/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exiv2 0.26 contains a heap buffer overflow in tiff parser" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170630 exiv2: multiple memory safety issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/06/30/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000406.json b/2017/1000xxx/CVE-2017-1000406.json index fcccfbe6b2a..5e924545275 100644 --- a/2017/1000xxx/CVE-2017-1000406.json +++ b/2017/1000xxx/CVE-2017-1000406.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000406", - "REQUESTER" : "lhinds@redhat.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Karaf", - "version" : { - "version_data" : [ - { - "version_value" : "0.6.1-Carbon" - } - ] - } - } - ] - }, - "vendor_name" : "OpenDaylight" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Password change fails to clear cache" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000406", + "REQUESTER": "lhinds@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20171123 OpenDayLight: Password change doesn't result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2017/q4/320" - }, - { - "name" : "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151", - "refsource" : "CONFIRM", - "url" : "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151" - }, - { - "name" : "https://jira.opendaylight.org/browse/AAA-151", - "refsource" : "CONFIRM", - "url" : "https://jira.opendaylight.org/browse/AAA-151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151", + "refsource": "CONFIRM", + "url": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151" + }, + { + "name": "https://jira.opendaylight.org/browse/AAA-151", + "refsource": "CONFIRM", + "url": "https://jira.opendaylight.org/browse/AAA-151" + }, + { + "name": "[oss-security] 20171123 OpenDayLight: Password change doesn't result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2017/q4/320" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000415.json b/2017/1000xxx/CVE-2017-1000415.json index f3b279275ae..02672d2c4de 100644 --- a/2017/1000xxx/CVE-2017-1000415.json +++ b/2017/1000xxx/CVE-2017-1000415.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000415", - "REQUESTER" : "schau@purdue.edu", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MatrixSSL", - "version" : { - "version_data" : [ - { - "version_value" : "3.7.2 and older" - } - ] - } - } - ] - }, - "vendor_name" : "MatrixSSL" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect date range validation" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000415", + "REQUESTER": "schau@purdue.edu", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", - "refsource" : "MISC", - "url" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf" - }, - { - "name" : "https://www.youtube.com/watch?v=FW--c_F_cY8", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=FW--c_F_cY8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", + "refsource": "MISC", + "url": "https://www.ieee-security.org/TC/SP2017/papers/231.pdf" + }, + { + "name": "https://www.youtube.com/watch?v=FW--c_F_cY8", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=FW--c_F_cY8" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12209.json b/2017/12xxx/CVE-2017-12209.json index 454e49901c0..921ecf46bf9 100644 --- a/2017/12xxx/CVE-2017-12209.json +++ b/2017/12xxx/CVE-2017-12209.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12209", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12209", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12455.json b/2017/12xxx/CVE-2017-12455.json index 838e35b5342..f9b6fa77384 100644 --- a/2017/12xxx/CVE-2017-12455.json +++ b/2017/12xxx/CVE-2017-12455.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21840", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21840", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12691.json b/2017/12xxx/CVE-2017-12691.json index 88cbd36a598..b41baae560d 100644 --- a/2017/12xxx/CVE-2017-12691.json +++ b/2017/12xxx/CVE-2017-12691.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/656", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/656" - }, - { - "name" : "GLSA-201711-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-07" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "GLSA-201711-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-07" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/656", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/656" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16034.json b/2017/16xxx/CVE-2017-16034.json index dcbee89b4fa..8476b3eacf3 100644 --- a/2017/16xxx/CVE-2017-16034.json +++ b/2017/16xxx/CVE-2017-16034.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16034", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16034", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16271.json b/2017/16xxx/CVE-2017-16271.json index 184d3630fd6..18de916e9c1 100644 --- a/2017/16xxx/CVE-2017-16271.json +++ b/2017/16xxx/CVE-2017-16271.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16271", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16271", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16276.json b/2017/16xxx/CVE-2017-16276.json index ab9a4c33229..cde81adf90c 100644 --- a/2017/16xxx/CVE-2017-16276.json +++ b/2017/16xxx/CVE-2017-16276.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16276", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16276", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16303.json b/2017/16xxx/CVE-2017-16303.json index bd85009e3da..0365d2f4b9f 100644 --- a/2017/16xxx/CVE-2017-16303.json +++ b/2017/16xxx/CVE-2017-16303.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16303", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16303", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16879.json b/2017/16xxx/CVE-2017-16879.json index 085bdec3759..4714816ec0f 100644 --- a/2017/16xxx/CVE-2017-16879.json +++ b/2017/16xxx/CVE-2017-16879.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html" - }, - { - "name" : "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "refsource" : "CONFIRM", - "url" : "http://invisible-island.net/ncurses/NEWS.html#t20171125" - }, - { - "name" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - }, - { - "name" : "GLSA-201804-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-13" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html" + }, + { + "name": "GLSA-201804-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-13" + }, + { + "name": "http://invisible-island.net/ncurses/NEWS.html#t20171125", + "refsource": "CONFIRM", + "url": "http://invisible-island.net/ncurses/NEWS.html#t20171125" + }, + { + "name": "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4012.json b/2017/4xxx/CVE-2017-4012.json index 601148bea39..f67874adce6 100644 --- a/2017/4xxx/CVE-2017-4012.json +++ b/2017/4xxx/CVE-2017-4012.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2017-4012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Data Loss Prevention (NDLP)", - "version" : { - "version_data" : [ - { - "version_value" : "9.3.x" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2017-4012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Data Loss Prevention (NDLP)", + "version": { + "version_data": [ + { + "version_value": "9.3.x" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10198", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10198" - }, - { - "name" : "1038523", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198" + }, + { + "name": "1038523", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038523" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4180.json b/2017/4xxx/CVE-2017-4180.json index 46995a7ca0f..c6bef37b592 100644 --- a/2017/4xxx/CVE-2017-4180.json +++ b/2017/4xxx/CVE-2017-4180.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4180", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4180", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4221.json b/2017/4xxx/CVE-2017-4221.json index a4e386916f7..b4889e1c52e 100644 --- a/2017/4xxx/CVE-2017-4221.json +++ b/2017/4xxx/CVE-2017-4221.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4221", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4221", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4697.json b/2017/4xxx/CVE-2017-4697.json index e2492274760..16eaf757888 100644 --- a/2017/4xxx/CVE-2017-4697.json +++ b/2017/4xxx/CVE-2017-4697.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4697", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4697", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18235.json b/2018/18xxx/CVE-2018-18235.json index f56e1f4d528..48966be7e26 100644 --- a/2018/18xxx/CVE-2018-18235.json +++ b/2018/18xxx/CVE-2018-18235.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18235", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18235", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18384.json b/2018/18xxx/CVE-2018-18384.json index 51e80c1686d..f3be7f45ff6 100644 --- a/2018/18xxx/CVE-2018-18384.json +++ b/2018/18xxx/CVE-2018-18384.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1110194", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1110194" - }, - { - "name" : "https://sourceforge.net/p/infozip/bugs/53/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/infozip/bugs/53/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1110194", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1110194" + }, + { + "name": "https://sourceforge.net/p/infozip/bugs/53/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/infozip/bugs/53/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5199.json b/2018/5xxx/CVE-2018-5199.json index 883c9cf66d8..173424f5670 100644 --- a/2018/5xxx/CVE-2018-5199.json +++ b/2018/5xxx/CVE-2018-5199.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vuln@krcert.or.kr", - "DATE_PUBLIC" : "2018-12-19T08:30:00.000Z", - "ID" : "CVE-2018-5199", - "STATE" : "PUBLIC", - "TITLE" : "WIZVERA Remote Code Execution Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Veraport", - "version" : { - "version_data" : [ - { - "affected" : "=", - "platform" : "Mac OS", - "version_name" : "G3", - "version_value" : "all" - } - ] - } - } - ] - }, - "vendor_name" : "WIZVERA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to execute arbitrary file." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "vuln@krcert.or.kr", + "DATE_PUBLIC": "2018-12-19T08:30:00.000Z", + "ID": "CVE-2018-5199", + "STATE": "PUBLIC", + "TITLE": "WIZVERA Remote Code Execution Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Veraport", + "version": { + "version_data": [ + { + "affected": "=", + "platform": "Mac OS", + "version_name": "G3", + "version_value": "all" + } + ] + } + } + ] + }, + "vendor_name": "WIZVERA" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30112", - "refsource" : "MISC", - "url" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30112" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Update to patched release version(3.7.3.3)" - } - ], - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to execute arbitrary file." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30112", + "refsource": "MISC", + "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30112" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to patched release version(3.7.3.3)" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5297.json b/2018/5xxx/CVE-2018-5297.json index f4c272c1841..069a0287a78 100644 --- a/2018/5xxx/CVE-2018-5297.json +++ b/2018/5xxx/CVE-2018-5297.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5297", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5297", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5408.json b/2018/5xxx/CVE-2018-5408.json index 6d53ab43a27..8d4e45323f7 100644 --- a/2018/5xxx/CVE-2018-5408.json +++ b/2018/5xxx/CVE-2018-5408.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5408", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5408", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5546.json b/2018/5xxx/CVE-2018-5546.json index ff0d4df898d..33534db67ef 100644 --- a/2018/5xxx/CVE-2018-5546.json +++ b/2018/5xxx/CVE-2018-5546.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2018-08-16T00:00:00", - "ID" : "CVE-2018-5546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP APM client for Linux", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to version 7.1.7.1" - } - ] - } - }, - { - "product_name" : "BIG-IP APM client for macOS", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to version 7.1.7.1" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2018-08-16T00:00:00", + "ID": "CVE-2018-5546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP APM client for Linux", + "version": { + "version_data": [ + { + "version_value": "Prior to version 7.1.7.1" + } + ] + } + }, + { + "product_name": "BIG-IP APM client for macOS", + "version": { + "version_data": [ + { + "version_value": "Prior to version 7.1.7.1" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K54431371", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K54431371" - }, - { - "name" : "1041510", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K54431371", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K54431371" + }, + { + "name": "1041510", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041510" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5723.json b/2018/5xxx/CVE-2018-5723.json index 1fa580f30e7..0468073a58c 100644 --- a/2018/5xxx/CVE-2018-5723.json +++ b/2018/5xxx/CVE-2018-5723.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43693", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43693/" - }, - { - "name" : "http://syrion.me/blog/master-ipcam/", - "refsource" : "MISC", - "url" : "http://syrion.me/blog/master-ipcam/" - }, - { - "name" : "https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43693", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43693/" + }, + { + "name": "http://syrion.me/blog/master-ipcam/", + "refsource": "MISC", + "url": "http://syrion.me/blog/master-ipcam/" + }, + { + "name": "https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5861.json b/2018/5xxx/CVE-2018-5861.json index d0faf9416bd..930d3790afe 100644 --- a/2018/5xxx/CVE-2018-5861.json +++ b/2018/5xxx/CVE-2018-5861.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-5861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-5861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=114a392e29bc900c0fe15cc1f3e9ba369cd03244", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=114a392e29bc900c0fe15cc1f3e9ba369cd03244" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=114a392e29bc900c0fe15cc1f3e9ba369cd03244", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=114a392e29bc900c0fe15cc1f3e9ba369cd03244" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + } + ] + } +} \ No newline at end of file