diff --git a/2001/0xxx/CVE-2001-0151.json b/2001/0xxx/CVE-2001-0151.json index ca668f29ff9..4512b7a3dba 100644 --- a/2001/0xxx/CVE-2001-0151.json +++ b/2001/0xxx/CVE-2001-0151.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-016", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-016" - }, - { - "name" : "iis-webdav-dos(6205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6205" - }, - { - "name" : "oval:org.mitre.oval:def:90", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A90" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:90", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A90" + }, + { + "name": "MS01-016", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-016" + }, + { + "name": "iis-webdav-dos(6205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6205" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0400.json b/2001/0xxx/CVE-2001-0400.json index f51d94a5630..62cd601fb35 100644 --- a/2001/0xxx/CVE-2001-0400.json +++ b/2001/0xxx/CVE-2001-0400.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters (\"`\") in the email address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010410 CGI - nph-maillist.pl vulnerability...", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/175506" - }, - { - "name" : "2563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters (\"`\") in the email address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010410 CGI - nph-maillist.pl vulnerability...", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/175506" + }, + { + "name": "2563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2563" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1165.json b/2001/1xxx/CVE-2001-1165.json index ab014cc68db..8c5eccf116b 100644 --- a/2001/1xxx/CVE-2001-1165.json +++ b/2001/1xxx/CVE-2001-1165.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securemac.com/fileguard.php#disengage", - "refsource" : "MISC", - "url" : "http://www.securemac.com/fileguard.php#disengage" - }, - { - "name" : "fileguard-weak-password-encryption(7018)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7018.php" - }, - { - "name" : "3213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3213" + }, + { + "name": "http://www.securemac.com/fileguard.php#disengage", + "refsource": "MISC", + "url": "http://www.securemac.com/fileguard.php#disengage" + }, + { + "name": "fileguard-weak-password-encryption(7018)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7018.php" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1311.json b/2001/1xxx/CVE-2001-1311.json index 3a40bf71c18..1fd1c61046d 100644 --- a/2001/1xxx/CVE-2001-1311.json +++ b/2001/1xxx/CVE-2001-1311.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030313 R7-0012: Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/314909/30/25520/threaded" - }, - { - "name" : "L-116", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml" - }, - { - "name" : "VU#583184", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/583184" - }, - { - "name" : "CA-2001-18", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-18.html" - }, - { - "name" : "http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8", - "refsource" : "CONFIRM", - "url" : "http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8" - }, - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" - }, - { - "name" : "domino-ldap-protos-bo(6895)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6895" - }, - { - "name" : "3041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8", + "refsource": "CONFIRM", + "url": "http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8" + }, + { + "name": "3041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3041" + }, + { + "name": "20030313 R7-0012: Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/314909/30/25520/threaded" + }, + { + "name": "CA-2001-18", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-18.html" + }, + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" + }, + { + "name": "L-116", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml" + }, + { + "name": "VU#583184", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/583184" + }, + { + "name": "domino-ldap-protos-bo(6895)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6895" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1107.json b/2008/1xxx/CVE-2008-1107.json index 4133e876aa0..6c11577bffc 100644 --- a/2008/1xxx/CVE-2008-1107.json +++ b/2008/1xxx/CVE-2008-1107.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the Danske Bank e-Sec Control Module ActiveX control (DanskeSikker.ocx) 3.1.0.48, and possibly earlier versions, allow remote attackers to execute arbitrary code via long arguments to unspecified methods, which are not properly handled by a logging function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-1107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090416 Secunia Research: Danske Bank e-Sec Control Module Error Logging Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502725/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2008-17/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-17/" - }, - { - "name" : "34549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34549" - }, - { - "name" : "53715", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53715" - }, - { - "name" : "29635", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29635" - }, - { - "name" : "ADV-2009-1047", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1047" - }, - { - "name" : "danske-esec-activex-bo(49903)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the Danske Bank e-Sec Control Module ActiveX control (DanskeSikker.ocx) 3.1.0.48, and possibly earlier versions, allow remote attackers to execute arbitrary code via long arguments to unspecified methods, which are not properly handled by a logging function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090416 Secunia Research: Danske Bank e-Sec Control Module Error Logging Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502725/100/0/threaded" + }, + { + "name": "danske-esec-activex-bo(49903)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49903" + }, + { + "name": "29635", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29635" + }, + { + "name": "34549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34549" + }, + { + "name": "53715", + "refsource": "OSVDB", + "url": "http://osvdb.org/53715" + }, + { + "name": "http://secunia.com/secunia_research/2008-17/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-17/" + }, + { + "name": "ADV-2009-1047", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1047" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1400.json b/2008/1xxx/CVE-2008-1400.json index 3cbd63cb4e5..ff5dbd09fa1 100644 --- a/2008/1xxx/CVE-2008-1400.json +++ b/2008/1xxx/CVE-2008-1400.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a \"..\\\" (dot dot backslash) or \"../\" (dot dot slash) in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080317 Multiple vulnerabilities in Net Inspector 6.5.0.828", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489704/100/0/threaded" - }, - { - "name" : "5269", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5269" - }, - { - "name" : "http://aluigi.altervista.org/adv/netinsp-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/netinsp-adv.txt" - }, - { - "name" : "28266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28266" - }, - { - "name" : "29421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a \"..\\\" (dot dot backslash) or \"../\" (dot dot slash) in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080317 Multiple vulnerabilities in Net Inspector 6.5.0.828", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489704/100/0/threaded" + }, + { + "name": "28266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28266" + }, + { + "name": "http://aluigi.altervista.org/adv/netinsp-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/netinsp-adv.txt" + }, + { + "name": "5269", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5269" + }, + { + "name": "29421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29421" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1472.json b/2008/1xxx/CVE-2008-1472.json index 3718988958d..4ff679de598 100644 --- a/2008/1xxx/CVE-2008-1472.json +++ b/2008/1xxx/CVE-2008-1472.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080320 Note about recently publicized CA BrightStor ActiveX exploit code", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489893/100/0/threaded" - }, - { - "name" : "20080328 CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490263/100/0/threaded" - }, - { - "name" : "5264", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5264" - }, - { - "name" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx", - "refsource" : "CONFIRM", - "url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx" - }, - { - "name" : "28268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28268" - }, - { - "name" : "ADV-2008-0902", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0902/references" - }, - { - "name" : "1019617", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019617" - }, - { - "name" : "29408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29408" - }, - { - "name" : "ca-arcserve-listctrl-bo(41225)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28268" + }, + { + "name": "ADV-2008-0902", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0902/references" + }, + { + "name": "29408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29408" + }, + { + "name": "5264", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5264" + }, + { + "name": "ca-arcserve-listctrl-bo(41225)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41225" + }, + { + "name": "20080320 Note about recently publicized CA BrightStor ActiveX exploit code", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489893/100/0/threaded" + }, + { + "name": "1019617", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019617" + }, + { + "name": "20080328 CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490263/100/0/threaded" + }, + { + "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx", + "refsource": "CONFIRM", + "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1878.json b/2008/1xxx/CVE-2008-1878.json index e36cb21c8e2..d8c669628c9 100644 --- a/2008/1xxx/CVE-2008-1878.json +++ b/2008/1xxx/CVE-2008-1878.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5458", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5458" - }, - { - "name" : "DSA-1586", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1586" - }, - { - "name" : "FEDORA-2008-3326", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html" - }, - { - "name" : "FEDORA-2008-3353", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html" - }, - { - "name" : "GLSA-200808-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-01.xml" - }, - { - "name" : "MDVSA-2008:177", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177" - }, - { - "name" : "MDVSA-2008:178", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" - }, - { - "name" : "SUSE-SR:2008:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" - }, - { - "name" : "USN-635-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-635-1" - }, - { - "name" : "28816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28816" - }, - { - "name" : "30337", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30337" - }, - { - "name" : "ADV-2008-1247", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1247/references" - }, - { - "name" : "29850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29850" - }, - { - "name" : "30021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30021" - }, - { - "name" : "30581", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30581" - }, - { - "name" : "31372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31372" - }, - { - "name" : "31393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31393" - }, - { - "name" : "xinelib-demuxnsfsendchunk-bo(41865)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the demux_nsf_send_chunk function in src/demuxers/demux_nsf.c in xine-lib 1.1.12 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long NSF title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2008-3326", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00536.html" + }, + { + "name": "GLSA-200808-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml" + }, + { + "name": "FEDORA-2008-3353", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00571.html" + }, + { + "name": "ADV-2008-1247", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1247/references" + }, + { + "name": "DSA-1586", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1586" + }, + { + "name": "30021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30021" + }, + { + "name": "29850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29850" + }, + { + "name": "MDVSA-2008:177", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:177" + }, + { + "name": "5458", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5458" + }, + { + "name": "SUSE-SR:2008:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html" + }, + { + "name": "xinelib-demuxnsfsendchunk-bo(41865)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41865" + }, + { + "name": "31393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31393" + }, + { + "name": "MDVSA-2008:178", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" + }, + { + "name": "28816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28816" + }, + { + "name": "31372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31372" + }, + { + "name": "USN-635-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-635-1" + }, + { + "name": "30337", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30337" + }, + { + "name": "30581", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30581" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5381.json b/2008/5xxx/CVE-2008-5381.json index ed976537931..1b511f41ea0 100644 --- a/2008/5xxx/CVE-2008-5381.json +++ b/2008/5xxx/CVE-2008-5381.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081124 [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498585/100/0/threaded" - }, - { - "name" : "http://security.bkis.vn/?p=277", - "refsource" : "MISC", - "url" : "http://security.bkis.vn/?p=277" - }, - { - "name" : "32438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32438" - }, - { - "name" : "ADV-2008-3249", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3249" - }, - { - "name" : "32846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32846" - }, - { - "name" : "32881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32881" - }, - { - "name" : "4697", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4697" - }, - { - "name" : "ffdshow-url-bo(46810)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3249", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3249" + }, + { + "name": "http://security.bkis.vn/?p=277", + "refsource": "MISC", + "url": "http://security.bkis.vn/?p=277" + }, + { + "name": "32846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32846" + }, + { + "name": "4697", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4697" + }, + { + "name": "ffdshow-url-bo(46810)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46810" + }, + { + "name": "32881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32881" + }, + { + "name": "32438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32438" + }, + { + "name": "20081124 [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498585/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5864.json b/2008/5xxx/CVE-2008-5864.json index fe0d5c6fa08..260af61cabc 100644 --- a/2008/5xxx/CVE-2008-5864.json +++ b/2008/5xxx/CVE-2008-5864.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7539", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7539" - }, - { - "name" : "32952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32952" - }, - { - "name" : "4871", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4871" - }, - { - "name" : "tophotel-index-sql-injection(47540)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32952" + }, + { + "name": "7539", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7539" + }, + { + "name": "tophotel-index-sql-injection(47540)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47540" + }, + { + "name": "4871", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4871" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2007.json b/2011/2xxx/CVE-2011-2007.json index 5ef14a35629..13e9251963a 100644 --- a/2011/2xxx/CVE-2011-2007.json +++ b/2011/2xxx/CVE-2011-2007.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka \"Endless Loop DoS in snabase.exe Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-2007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-082", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-082" - }, - { - "name" : "oval:org.mitre.oval:def:13040", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka \"Endless Loop DoS in snabase.exe Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13040", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13040" + }, + { + "name": "MS11-082", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-082" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2010.json b/2011/2xxx/CVE-2011-2010.json index ea0d3b4cf4c..2ef532abf81 100644 --- a/2011/2xxx/CVE-2011-2010.json +++ b/2011/2xxx/CVE-2011-2010.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka \"Pinyin IME Elevation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-2010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-088", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088" - }, - { - "name" : "TA11-347A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka \"Pinyin IME Elevation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-347A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" + }, + { + "name": "MS11-088", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2117.json b/2011/2xxx/CVE-2011-2117.json index 934471f9019..d004b17bc6b 100644 --- a/2011/2xxx/CVE-2011-2117.json +++ b/2011/2xxx/CVE-2011-2117.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html" - }, - { - "name" : "TA11-166A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-17.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-17.html" + }, + { + "name": "TA11-166A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2215.json b/2011/2xxx/CVE-2011-2215.json index 037e337ff87..5ea20b3ac92 100644 --- a/2011/2xxx/CVE-2011-2215.json +++ b/2011/2xxx/CVE-2011-2215.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in WalRack 1.x before 1.1.8 and 2.x before 2.0.6 has unknown impact and attack vectors, possibly related to file deletion and an encoded URL, a different vulnerability than CVE-2011-1329." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://digit.que.ne.jp/work/index.cgi?WalRack", - "refsource" : "CONFIRM", - "url" : "http://digit.que.ne.jp/work/index.cgi?WalRack" - }, - { - "name" : "http://digit.que.ne.jp/work/index.cgi?WalRack2", - "refsource" : "CONFIRM", - "url" : "http://digit.que.ne.jp/work/index.cgi?WalRack2" - }, - { - "name" : "48097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48097" - }, - { - "name" : "walrack-unspec-vuln(67811)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in WalRack 1.x before 1.1.8 and 2.x before 2.0.6 has unknown impact and attack vectors, possibly related to file deletion and an encoded URL, a different vulnerability than CVE-2011-1329." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48097" + }, + { + "name": "walrack-unspec-vuln(67811)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67811" + }, + { + "name": "http://digit.que.ne.jp/work/index.cgi?WalRack2", + "refsource": "CONFIRM", + "url": "http://digit.que.ne.jp/work/index.cgi?WalRack2" + }, + { + "name": "http://digit.que.ne.jp/work/index.cgi?WalRack", + "refsource": "CONFIRM", + "url": "http://digit.que.ne.jp/work/index.cgi?WalRack" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2369.json b/2011/2xxx/CVE-2011-2369.json index c4c3109d35c..9466c055b6e 100644 --- a/2011/2xxx/CVE-2011-2369.json +++ b/2011/2xxx/CVE-2011-2369.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-27.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-27.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=650001", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=650001" - }, - { - "name" : "SUSE-SA:2011:028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" - }, - { - "name" : "oval:org.mitre.oval:def:14426", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=650001", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=650001" + }, + { + "name": "oval:org.mitre.oval:def:14426", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14426" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-27.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-27.html" + }, + { + "name": "SUSE-SA:2011:028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2470.json b/2011/2xxx/CVE-2011-2470.json index 650f659b20e..558a915ef38 100644 --- a/2011/2xxx/CVE-2011-2470.json +++ b/2011/2xxx/CVE-2011-2470.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110602 CVE request: Multiple security vulnerabilities in ARSC Really Simple Chat", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/02/1" - }, - { - "name" : "[oss-security] 20110602 Re: CVE request: Multiple security vulnerabilities in ARSC Really Simple Chat", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/02/7" - }, - { - "name" : "https://sourceforge.net/tracker/?func=detail&aid=3310673&group_id=32699&atid=406296", - "refsource" : "MISC", - "url" : "https://sourceforge.net/tracker/?func=detail&aid=3310673&group_id=32699&atid=406296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110602 CVE request: Multiple security vulnerabilities in ARSC Really Simple Chat", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/02/1" + }, + { + "name": "[oss-security] 20110602 Re: CVE request: Multiple security vulnerabilities in ARSC Really Simple Chat", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/02/7" + }, + { + "name": "https://sourceforge.net/tracker/?func=detail&aid=3310673&group_id=32699&atid=406296", + "refsource": "MISC", + "url": "https://sourceforge.net/tracker/?func=detail&aid=3310673&group_id=32699&atid=406296" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2788.json b/2011/2xxx/CVE-2011-2788.json index cb8d9bc20c8..37d1f0ae187 100644 --- a/2011/2xxx/CVE-2011-2788.json +++ b/2011/2xxx/CVE-2011-2788.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=85559", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=85559" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "74238", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74238" - }, - { - "name" : "oval:org.mitre.oval:def:14330", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14330" - }, - { - "name" : "google-chrome-inspector-bo(68950)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=85559", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=85559" + }, + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "74238", + "refsource": "OSVDB", + "url": "http://osvdb.org/74238" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "google-chrome-inspector-bo(68950)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68950" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + }, + { + "name": "oval:org.mitre.oval:def:14330", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14330" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0239.json b/2013/0xxx/CVE-2013-0239.json index 1fe7bd4b76d..cfd3f6ef0ff 100644 --- a/2013/0xxx/CVE-2013-0239.json +++ b/2013/0xxx/CVE-2013-0239.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130208 New security advisories for Apache CXF", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Feb/39" - }, - { - "name" : "http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html" - }, - { - "name" : "http://cxf.apache.org/cve-2013-0239.html", - "refsource" : "CONFIRM", - "url" : "http://cxf.apache.org/cve-2013-0239.html" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1438424", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1438424" - }, - { - "name" : "RHSA-2013:0749", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0749.html" - }, - { - "name" : "57876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57876" - }, - { - "name" : "90078", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90078" - }, - { - "name" : "51988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51988" - }, - { - "name" : "apachecxf-username-tokens-sec-bypass(81981)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "90078", + "refsource": "OSVDB", + "url": "http://osvdb.org/90078" + }, + { + "name": "51988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51988" + }, + { + "name": "20130208 New security advisories for Apache CXF", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Feb/39" + }, + { + "name": "apachecxf-username-tokens-sec-bypass(81981)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81981" + }, + { + "name": "http://cxf.apache.org/cve-2013-0239.html", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/cve-2013-0239.html" + }, + { + "name": "57876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57876" + }, + { + "name": "RHSA-2013:0749", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0749.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1438424", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1438424" + }, + { + "name": "http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0356.json b/2013/0xxx/CVE-2013-0356.json index 0040114dca5..dfe6d842cdb 100644 --- a/2013/0xxx/CVE-2013-0356.json +++ b/2013/0xxx/CVE-2013-0356.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity, related to PIA Core Technology." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity, related to PIA Core Technology." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0606.json b/2013/0xxx/CVE-2013-0606.json index 5e4955b41c0..0d436a9066a 100644 --- a/2013/0xxx/CVE-2013-0606.json +++ b/2013/0xxx/CVE-2013-0606.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-0606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0150", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0150.html" - }, - { - "name" : "SUSE-SU-2013:0044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" - }, - { - "name" : "SUSE-SU-2013:0047", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" - }, - { - "name" : "openSUSE-SU-2013:0193", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" - }, - { - "name" : "oval:org.mitre.oval:def:16196", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" + }, + { + "name": "SUSE-SU-2013:0047", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" + }, + { + "name": "openSUSE-SU-2013:0193", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" + }, + { + "name": "openSUSE-SU-2013:0138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-02.html" + }, + { + "name": "RHSA-2013:0150", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0150.html" + }, + { + "name": "oval:org.mitre.oval:def:16196", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16196" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0961.json b/2013/0xxx/CVE-2013-0961.json index 15e5df799f6..b437d1196c8 100644 --- a/2013/0xxx/CVE-2013-0961.json +++ b/2013/0xxx/CVE-2013-0961.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-0961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2013-03-14-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-03-14-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1065.json b/2013/1xxx/CVE-2013-1065.json index ccb7c57ec37..d599476f4fa 100644 --- a/2013/1xxx/CVE-2013-1065.json +++ b/2013/1xxx/CVE-2013-1065.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2013-1065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.net/ubuntu/+source/jockey/0.9.7-0ubuntu7.11", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/ubuntu/+source/jockey/0.9.7-0ubuntu7.11" - }, - { - "name" : "USN-1957-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1957-1" - }, - { - "name" : "54912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54912" + }, + { + "name": "USN-1957-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1957-1" + }, + { + "name": "https://launchpad.net/ubuntu/+source/jockey/0.9.7-0ubuntu7.11", + "refsource": "CONFIRM", + "url": "https://launchpad.net/ubuntu/+source/jockey/0.9.7-0ubuntu7.11" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1089.json b/2013/1xxx/CVE-2013-1089.json index 3a82cadb626..1be12f74232 100644 --- a/2013/1xxx/CVE-2013-1089.json +++ b/2013/1xxx/CVE-2013-1089.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1089", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1089", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1102.json b/2013/1xxx/CVE-2013-1102.json index 466aaf12365..2a25be04f64 100644 --- a/2013/1xxx/CVE-2013-1102.json +++ b/2013/1xxx/CVE-2013-1102.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc" - }, - { - "name" : "57524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57524" - }, - { - "name" : "1028027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028027" - }, - { - "name" : "51965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51965" + }, + { + "name": "57524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57524" + }, + { + "name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc" + }, + { + "name": "1028027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028027" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1341.json b/2013/1xxx/CVE-2013-1341.json index cd4e40b18fa..964ac5de0c9 100644 --- a/2013/1xxx/CVE-2013-1341.json +++ b/2013/1xxx/CVE-2013-1341.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 allows local users to gain privileges via a crafted application, aka \"Win32k Multiple Fetch Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-076", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-076" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18660", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 allows local users to gain privileges via a crafted application, aka \"Win32k Multiple Fetch Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:18660", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18660" + }, + { + "name": "MS13-076", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-076" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1514.json b/2013/1xxx/CVE-2013-1514.json index 7024af6c546..d47dbd9318c 100644 --- a/2013/1xxx/CVE-2013-1514.json +++ b/2013/1xxx/CVE-2013-1514.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote authenticated users to affect integrity via vectors related to RMI Support." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote authenticated users to affect integrity via vectors related to RMI Support." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1870.json b/2013/1xxx/CVE-2013-1870.json index 2967d0c31e3..7701219c18e 100644 --- a/2013/1xxx/CVE-2013-1870.json +++ b/2013/1xxx/CVE-2013-1870.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1870", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1869. Reason: This candidate is a reservation duplicate of CVE-2013-1869. Notes: All CVE users should reference CVE-2013-1869 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-1870", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1869. Reason: This candidate is a reservation duplicate of CVE-2013-1869. Notes: All CVE users should reference CVE-2013-1869 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3631.json b/2013/3xxx/CVE-2013-3631.json index ad152b0af63..702f968ee9b 100644 --- a/2013/3xxx/CVE-2013-3631.json +++ b/2013/3xxx/CVE-2013-3631.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the \"Advanced | Execute Command\" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats" - }, - { - "name" : "VU#326830", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/326830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the \"Advanced | Execute Command\" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#326830", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/326830" + }, + { + "name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3877.json b/2013/3xxx/CVE-2013-3877.json index 14aeab484fd..9ae0f4b54ed 100644 --- a/2013/3xxx/CVE-2013-3877.json +++ b/2013/3xxx/CVE-2013-3877.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3877", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-3877", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4172.json b/2013/4xxx/CVE-2013-4172.json index a1adc4d1066..61800506d6e 100644 --- a/2013/4xxx/CVE-2013-4172.json +++ b/2013/4xxx/CVE-2013-4172.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2013:1157", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1157.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1157", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1157.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4246.json b/2013/4xxx/CVE-2013-4246.json index 790b8b1aa0a..33652ee5077 100644 --- a/2013/4xxx/CVE-2013-4246.json +++ b/2013/4xxx/CVE-2013-4246.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://subversion.apache.org/security/CVE-2013-4246-advisory.txt", - "refsource" : "CONFIRM", - "url" : "https://subversion.apache.org/security/CVE-2013-4246-advisory.txt" - }, - { - "name" : "101620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://subversion.apache.org/security/CVE-2013-4246-advisory.txt", + "refsource": "CONFIRM", + "url": "https://subversion.apache.org/security/CVE-2013-4246-advisory.txt" + }, + { + "name": "101620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101620" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4317.json b/2013/4xxx/CVE-2013-4317.json index be3501f0703..2454ef6040d 100644 --- a/2013/4xxx/CVE-2013-4317.json +++ b/2013/4xxx/CVE-2013-4317.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-01-03T00:00:00", - "ID" : "CVE-2013-4317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache CloudStack", - "version" : { - "version_data" : [ - { - "version_value" : "4.1.0, 4.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-01-03T00:00:00", + "ID": "CVE-2013-4317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache CloudStack", + "version": { + "version_data": [ + { + "version_value": "4.1.0, 4.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180103 [CVE-2013-4317] Apache CloudStack information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2018/q1/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20180103 [CVE-2013-4317] Apache CloudStack information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2018/q1/1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4567.json b/2013/4xxx/CVE-2013-4567.json index 53327eee1ed..78a1b79ac9d 100644 --- a/2013/4xxx/CVE-2013-4567.json +++ b/2013/4xxx/CVE-2013-4567.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \\b (backspace) character in CSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332" - }, - { - "name" : "DSA-2891", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2891" - }, - { - "name" : "FEDORA-2013-21856", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html" - }, - { - "name" : "FEDORA-2013-21874", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html" - }, - { - "name" : "63760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63760" - }, - { - "name" : "57472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \\b (backspace) character in CSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63760" + }, + { + "name": "57472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57472" + }, + { + "name": "DSA-2891", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2891" + }, + { + "name": "[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html" + }, + { + "name": "FEDORA-2013-21856", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html" + }, + { + "name": "FEDORA-2013-21874", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=55332" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4764.json b/2013/4xxx/CVE-2013-4764.json index 771b8507d32..965bf7314d3 100644 --- a/2013/4xxx/CVE-2013-4764.json +++ b/2013/4xxx/CVE-2013-4764.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4764", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4764", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12242.json b/2017/12xxx/CVE-2017-12242.json index 12ff1e24ae3..87f91a0d098 100644 --- a/2017/12xxx/CVE-2017-12242.json +++ b/2017/12xxx/CVE-2017-12242.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12242", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12242", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12493.json b/2017/12xxx/CVE-2017-12493.json index fb2d174430e..377a7547589 100644 --- a/2017/12xxx/CVE-2017-12493.json +++ b/2017/12xxx/CVE-2017-12493.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12908.json b/2017/12xxx/CVE-2017-12908.json index 92edb93dc64..151ddb82eec 100644 --- a/2017/12xxx/CVE-2017-12908.json +++ b/2017/12xxx/CVE-2017-12908.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lu4n.com/cve/8.txt", - "refsource" : "MISC", - "url" : "http://lu4n.com/cve/8.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lu4n.com/cve/8.txt", + "refsource": "MISC", + "url": "http://lu4n.com/cve/8.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13283.json b/2017/13xxx/CVE-2017-13283.json index 4c5b843c6f6..84d32bdd5a6 100644 --- a/2017/13xxx/CVE-2017-13283.json +++ b/2017/13xxx/CVE-2017-13283.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-02T00:00:00", - "ID" : "CVE-2017-13283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-02T00:00:00", + "ID": "CVE-2017-13283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "105482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105482" + }, + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13433.json b/2017/13xxx/CVE-2017-13433.json index b2eba98310d..fc1cda973f7 100644 --- a/2017/13xxx/CVE-2017-13433.json +++ b/2017/13xxx/CVE-2017-13433.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13433", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13433", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13538.json b/2017/13xxx/CVE-2017-13538.json index 7bf7c5ff62f..0662abaa216 100644 --- a/2017/13xxx/CVE-2017-13538.json +++ b/2017/13xxx/CVE-2017-13538.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13538", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13538", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13927.json b/2017/13xxx/CVE-2017-13927.json index d84165aa0bf..6510fe48da2 100644 --- a/2017/13xxx/CVE-2017-13927.json +++ b/2017/13xxx/CVE-2017-13927.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13927", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13927", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13947.json b/2017/13xxx/CVE-2017-13947.json index ecfa45cbfbb..07e885be6b4 100644 --- a/2017/13xxx/CVE-2017-13947.json +++ b/2017/13xxx/CVE-2017-13947.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13947", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13947", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16030.json b/2017/16xxx/CVE-2017-16030.json index 08bf09d2a56..b48ffeb8cd1 100644 --- a/2017/16xxx/CVE-2017-16030.json +++ b/2017/16xxx/CVE-2017-16030.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "useragent node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=2.1.12" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "useragent node module", + "version": { + "version_data": [ + { + "version_value": "<=2.1.12" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/312", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/312", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/312" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16184.json b/2017/16xxx/CVE-2017-16184.json index 9b1d10cd9c2..ba45b80f395 100644 --- a/2017/16xxx/CVE-2017-16184.json +++ b/2017/16xxx/CVE-2017-16184.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "scott-blanch-weather-app node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "scott-blanch-weather-app node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/scott-blanch-weather-app", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/scott-blanch-weather-app" - }, - { - "name" : "https://nodesecurity.io/advisories/453", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/scott-blanch-weather-app", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/scott-blanch-weather-app" + }, + { + "name": "https://nodesecurity.io/advisories/453", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/453" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16691.json b/2017/16xxx/CVE-2017-16691.json index e365cc280f5..99400ba5427 100644 --- a/2017/16xxx/CVE-2017-16691.json +++ b/2017/16xxx/CVE-2017-16691.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-16691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Note Assistant", - "version" : { - "version_data" : [ - { - "version_value" : "SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Digital signature verification along with note file extraction" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-16691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Note Assistant", + "version": { + "version_data": [ + { + "version_value": "SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2546220", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2546220" - }, - { - "name" : "101822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Digital signature verification along with note file extraction" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2546220", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2546220" + }, + { + "name": "101822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101822" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16715.json b/2017/16xxx/CVE-2017-16715.json index 650976b9fc5..a73dc4ce338 100644 --- a/2017/16xxx/CVE-2017-16715.json +++ b/2017/16xxx/CVE-2017-16715.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-16715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa NPort 5110, 5130, and 5150", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa NPort 5110, 5130, and 5150" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-16715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa NPort 5110, 5130, and 5150", + "version": { + "version_data": [ + { + "version_value": "Moxa NPort 5110, 5130, and 5150" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01" - }, - { - "name" : "101885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101885" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16986.json b/2017/16xxx/CVE-2017-16986.json index 1a1e9378320..46a9be94520 100644 --- a/2017/16xxx/CVE-2017-16986.json +++ b/2017/16xxx/CVE-2017-16986.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16986", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16986", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17165.json b/2017/17xxx/CVE-2017-17165.json index e15562bdc08..257374b82e2 100644 --- a/2017/17xxx/CVE-2017-17165.json +++ b/2017/17xxx/CVE-2017-17165.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quidway S2700,Quidway S5300,Quidway S5700,S2300,S2700,S5300,S5700,S600-E,S6300,S6700", - "version" : { - "version_data" : [ - { - "version_value" : "Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quidway S2700,Quidway S5300,Quidway S5700,S2300,S2700,S5300,S5700,S600-E,S6300,S6700", + "version": { + "version_data": [ + { + "version_value": "Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-ipv6-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4258.json b/2017/4xxx/CVE-2017-4258.json index b384a0631df..de237c52f26 100644 --- a/2017/4xxx/CVE-2017-4258.json +++ b/2017/4xxx/CVE-2017-4258.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4258", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4258", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18082.json b/2018/18xxx/CVE-2018-18082.json index d50728d7825..e7dad0d8250 100644 --- a/2018/18xxx/CVE-2018-18082.json +++ b/2018/18xxx/CVE-2018-18082.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/caokang/waimai/issues/6", - "refsource" : "MISC", - "url" : "https://github.com/caokang/waimai/issues/6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/caokang/waimai/issues/6", + "refsource": "MISC", + "url": "https://github.com/caokang/waimai/issues/6" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18125.json b/2018/18xxx/CVE-2018-18125.json index dc3b9f5461b..60dbed45ccf 100644 --- a/2018/18xxx/CVE-2018-18125.json +++ b/2018/18xxx/CVE-2018-18125.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18125", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18125", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18477.json b/2018/18xxx/CVE-2018-18477.json index 66abca565af..2d9e094aa80 100644 --- a/2018/18xxx/CVE-2018-18477.json +++ b/2018/18xxx/CVE-2018-18477.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18477", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18477", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18843.json b/2018/18xxx/CVE-2018-18843.json index c241bf2836a..a3c27419dd8 100644 --- a/2018/18xxx/CVE-2018-18843.json +++ b/2018/18xxx/CVE-2018-18843.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/53158", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/53158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53158", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/53158" + }, + { + "name": "https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1306.json b/2018/1xxx/CVE-2018-1306.json index 3f71c5ea678..d0f18d64a4b 100644 --- a/2018/1xxx/CVE-2018-1306.json +++ b/2018/1xxx/CVE-2018-1306.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-06-27T00:00:00", - "ID" : "CVE-2018-1306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Pluto", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-06-27T00:00:00", + "ID": "CVE-2018-1306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Pluto", + "version": { + "version_data": [ + { + "version_value": "3.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45396", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45396/" - }, - { - "name" : "http://portals.apache.org/pluto/security.html", - "refsource" : "MISC", - "url" : "http://portals.apache.org/pluto/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45396", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45396/" + }, + { + "name": "http://portals.apache.org/pluto/security.html", + "refsource": "MISC", + "url": "http://portals.apache.org/pluto/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1574.json b/2018/1xxx/CVE-2018-1574.json index a145ac4b457..82c8d163435 100644 --- a/2018/1xxx/CVE-2018-1574.json +++ b/2018/1xxx/CVE-2018-1574.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1574", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1574", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1690.json b/2018/1xxx/CVE-2018-1690.json index 6e8183cf18f..41ff8a49548 100644 --- a/2018/1xxx/CVE-2018-1690.json +++ b/2018/1xxx/CVE-2018-1690.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-08-03T00:00:00", - "ID" : "CVE-2018-1690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rhapsody Model Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145510." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-08-03T00:00:00", + "ID": "CVE-2018-1690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rhapsody Model Manager", + "version": { + "version_data": [ + { + "version_value": "6.0.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10718345", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10718345" - }, - { - "name" : "ibm-rhapsody-cve20181690-xss(145510)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145510." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rhapsody-cve20181690-xss(145510)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145510" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10718345", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10718345" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1729.json b/2018/1xxx/CVE-2018-1729.json index fc73e4d17ac..c4c7d03c218 100644 --- a/2018/1xxx/CVE-2018-1729.json +++ b/2018/1xxx/CVE-2018-1729.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1729", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1729", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5117.json b/2018/5xxx/CVE-2018-5117.json index 54140f7a0a6..30cdcf1c7ac 100644 --- a/2018/5xxx/CVE-2018-5117.json +++ b/2018/5xxx/CVE-2018-5117.json @@ -1,145 +1,145 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.6" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.6" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "58" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "URL spoofing with right-to-left text aligned left-to-right" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.6" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.6" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "58" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html" - }, - { - "name" : "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1395508", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1395508" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-03/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-03/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-04/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-04/" - }, - { - "name" : "DSA-4096", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4096" - }, - { - "name" : "DSA-4102", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4102" - }, - { - "name" : "RHSA-2018:0122", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0122" - }, - { - "name" : "RHSA-2018:0262", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0262" - }, - { - "name" : "USN-3544-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3544-1/" - }, - { - "name" : "102783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102783" - }, - { - "name" : "1040270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL spoofing with right-to-left text aligned left-to-right" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-03/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/" + }, + { + "name": "1040270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040270" + }, + { + "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html" + }, + { + "name": "102783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102783" + }, + { + "name": "DSA-4096", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4096" + }, + { + "name": "RHSA-2018:0262", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0262" + }, + { + "name": "USN-3544-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3544-1/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-04/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/" + }, + { + "name": "RHSA-2018:0122", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0122" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" + }, + { + "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1395508", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1395508" + }, + { + "name": "DSA-4102", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4102" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5353.json b/2018/5xxx/CVE-2018-5353.json index 0522a6b5048..be25672fa5d 100644 --- a/2018/5xxx/CVE-2018-5353.json +++ b/2018/5xxx/CVE-2018-5353.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5353", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5353", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5462.json b/2018/5xxx/CVE-2018-5462.json index 24b6883f83d..0558002c9ba 100644 --- a/2018/5xxx/CVE-2018-5462.json +++ b/2018/5xxx/CVE-2018-5462.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-02-27T00:00:00", - "ID" : "CVE-2018-5462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Philips IntelliSpace Portal", - "version" : { - "version_data" : [ - { - "version_value" : "8.0.x" - }, - { - "version_value" : "7.0.x" - } - ] - } - } - ] - }, - "vendor_name" : "Philips" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CRYPTOGRAPHIC ISSUES CWE-310" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-02-27T00:00:00", + "ID": "CVE-2018-5462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Philips IntelliSpace Portal", + "version": { + "version_data": [ + { + "version_value": "8.0.x" + }, + { + "version_value": "7.0.x" + } + ] + } + } + ] + }, + "vendor_name": "Philips" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security", - "refsource" : "CONFIRM", - "url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security" - }, - { - "name" : "103182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CRYPTOGRAPHIC ISSUES CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", + "refsource": "CONFIRM", + "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security" + }, + { + "name": "103182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103182" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5725.json b/2018/5xxx/CVE-2018-5725.json index 145bf218ae3..a47efbc7bf1 100644 --- a/2018/5xxx/CVE-2018-5725.json +++ b/2018/5xxx/CVE-2018-5725.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43693", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43693/" - }, - { - "name" : "http://syrion.me/blog/master-ipcam/", - "refsource" : "MISC", - "url" : "http://syrion.me/blog/master-ipcam/" - }, - { - "name" : "https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43693", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43693/" + }, + { + "name": "http://syrion.me/blog/master-ipcam/", + "refsource": "MISC", + "url": "http://syrion.me/blog/master-ipcam/" + }, + { + "name": "https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145935/Master-IP-CAM-01-Hardcoded-Password-Unauthenticated-Access.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5865.json b/2018/5xxx/CVE-2018-5865.json index ec9e142cffe..866686dbed1 100644 --- a/2018/5xxx/CVE-2018-5865.json +++ b/2018/5xxx/CVE-2018-5865.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-07-02T00:00:00", - "ID" : "CVE-2018-5865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Underflow in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-07-02T00:00:00", + "ID": "CVE-2018-5865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-07-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8fb4202e3bb8cfbbb9f9f0e8695891c9971cfcc2", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8fb4202e3bb8cfbbb9f9f0e8695891c9971cfcc2" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Underflow in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8fb4202e3bb8cfbbb9f9f0e8695891c9971cfcc2", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8fb4202e3bb8cfbbb9f9f0e8695891c9971cfcc2" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-07-01" + } + ] + } +} \ No newline at end of file