diff --git a/2001/0xxx/CVE-2001-0455.json b/2001/0xxx/CVE-2001-0455.json
index e031db75b08..2327243ace6 100644
--- a/2001/0xxx/CVE-2001-0455.json
+++ b/2001/0xxx/CVE-2001-0455.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0455",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0455",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface",
- "refsource" : "CISCO",
- "url" : "http://www.cisco.com/warp/public/707/Aironet340-pub.shtml"
- },
- {
- "name" : "cisco-aironet-web-access(6200)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6200"
- },
- {
- "name" : "5597",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/5597"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface",
+ "refsource": "CISCO",
+ "url": "http://www.cisco.com/warp/public/707/Aironet340-pub.shtml"
+ },
+ {
+ "name": "cisco-aironet-web-access(6200)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6200"
+ },
+ {
+ "name": "5597",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/5597"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/0xxx/CVE-2001-0800.json b/2001/0xxx/CVE-2001-0800.json
index bae12d82b22..5443f70a14a 100644
--- a/2001/0xxx/CVE-2001-0800.json
+++ b/2001/0xxx/CVE-2001-0800.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0800",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0800",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2",
- "refsource" : "MISC",
- "url" : "http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2"
- },
- {
- "name" : "20011003-02-P",
- "refsource" : "SGI",
- "url" : "ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P"
- },
- {
- "name" : "27566",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/27566"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20011003-02-P",
+ "refsource": "SGI",
+ "url": "ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P"
+ },
+ {
+ "name": "http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2",
+ "refsource": "MISC",
+ "url": "http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2"
+ },
+ {
+ "name": "27566",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/27566"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/0xxx/CVE-2001-0829.json b/2001/0xxx/CVE-2001-0829.json
index 6a915580a88..dd0b64c1fe3 100644
--- a/2001/0xxx/CVE-2001-0829.json
+++ b/2001/0xxx/CVE-2001-0829.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0829",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0829",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html"
- },
- {
- "name" : "http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme",
- "refsource" : "MISC",
- "url" : "http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme"
- },
- {
- "name" : "2982",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/2982"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme",
+ "refsource": "MISC",
+ "url": "http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme"
+ },
+ {
+ "name": "20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html"
+ },
+ {
+ "name": "2982",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/2982"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/1xxx/CVE-2001-1132.json b/2001/1xxx/CVE-2001-1132.json
index ef6b1f67f8f..4edfcaa3748 100644
--- a/2001/1xxx/CVE-2001-1132.json
+++ b/2001/1xxx/CVE-2001-1132.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-1132",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-1132",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "CLA-2001:420",
- "refsource" : "CONECTIVA",
- "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420"
- },
- {
- "name" : "mailman-blank-passwords(7091)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7091"
- },
- {
- "name" : "5455",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/5455"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "CLA-2001:420",
+ "refsource": "CONECTIVA",
+ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420"
+ },
+ {
+ "name": "mailman-blank-passwords(7091)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7091"
+ },
+ {
+ "name": "5455",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/5455"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/1xxx/CVE-2001-1346.json b/2001/1xxx/CVE-2001-1346.json
index 77c092f4a23..c24500cfc3b 100644
--- a/2001/1xxx/CVE-2001-1346.json
+++ b/2001/1xxx/CVE-2001-1346.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-1346",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-1346",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20010518 tmp-races in ARCservIT Unix Client",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0184.html"
- },
- {
- "name" : "2748",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/2748"
- },
- {
- "name" : "2741",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/2741"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20010518 tmp-races in ARCservIT Unix Client",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0184.html"
+ },
+ {
+ "name": "2748",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/2748"
+ },
+ {
+ "name": "2741",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/2741"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/2xxx/CVE-2006-2674.json b/2006/2xxx/CVE-2006-2674.json
index 855d87cda55..87d21e19615 100644
--- a/2006/2xxx/CVE-2006-2674.json
+++ b/2006/2xxx/CVE-2006-2674.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-2674",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-2674",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060525 Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/435125/100/0/threaded"
- },
- {
- "name" : "26564",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26564"
- },
- {
- "name" : "26565",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26565"
- },
- {
- "name" : "26567",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26567"
- },
- {
- "name" : "26568",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26568"
- },
- {
- "name" : "26566",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26566"
- },
- {
- "name" : "986",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/986"
- },
- {
- "name" : "tamberforum-multiple-sql-injection(26797)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26797"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "tamberforum-multiple-sql-injection(26797)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26797"
+ },
+ {
+ "name": "26565",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26565"
+ },
+ {
+ "name": "20060525 Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/435125/100/0/threaded"
+ },
+ {
+ "name": "26564",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26564"
+ },
+ {
+ "name": "986",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/986"
+ },
+ {
+ "name": "26566",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26566"
+ },
+ {
+ "name": "26567",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26567"
+ },
+ {
+ "name": "26568",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26568"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/1xxx/CVE-2008-1384.json b/2008/1xxx/CVE-2008-1384.json
index a367d33f70a..9db74217a1f 100644
--- a/2008/1xxx/CVE-2008-1384.json
+++ b/2008/1xxx/CVE-2008-1384.json
@@ -1,167 +1,167 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-1384",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-1384",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20080320 PHP 5.2.5 and prior : *printf() functions Integer Overflow",
- "refsource" : "SREASONRES",
- "url" : "http://securityreason.com/achievement_securityalert/52"
- },
- {
- "name" : "20080321 {securityreason.com}PHP 5 *printf() - Integer Overflow",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/489962/100/0/threaded"
- },
- {
- "name" : "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
- },
- {
- "name" : "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
- },
- {
- "name" : "http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup",
- "refsource" : "CONFIRM",
- "url" : "http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup"
- },
- {
- "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
- "refsource" : "CONFIRM",
- "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
- },
- {
- "name" : "https://issues.rpath.com/browse/RPL-2503",
- "refsource" : "CONFIRM",
- "url" : "https://issues.rpath.com/browse/RPL-2503"
- },
- {
- "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178",
- "refsource" : "CONFIRM",
- "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
- },
- {
- "name" : "DSA-1572",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2008/dsa-1572"
- },
- {
- "name" : "GLSA-200811-05",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-200811-05.xml"
- },
- {
- "name" : "MDVSA-2009:022",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
- },
- {
- "name" : "MDVSA-2009:023",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
- },
- {
- "name" : "SUSE-SR:2008:014",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
- },
- {
- "name" : "USN-628-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-628-1"
- },
- {
- "name" : "28392",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/28392"
- },
- {
- "name" : "30345",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30345"
- },
- {
- "name" : "30411",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30411"
- },
- {
- "name" : "30967",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30967"
- },
- {
- "name" : "31200",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31200"
- },
- {
- "name" : "30158",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30158"
- },
- {
- "name" : "32746",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/32746"
- },
- {
- "name" : "php-phpsprintfappendstring-overflow(41386)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41386"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
+ },
+ {
+ "name": "20080321 {securityreason.com}PHP 5 *printf() - Integer Overflow",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/489962/100/0/threaded"
+ },
+ {
+ "name": "32746",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/32746"
+ },
+ {
+ "name": "GLSA-200811-05",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
+ },
+ {
+ "name": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup",
+ "refsource": "CONFIRM",
+ "url": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1120&view=markup"
+ },
+ {
+ "name": "DSA-1572",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2008/dsa-1572"
+ },
+ {
+ "name": "30345",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30345"
+ },
+ {
+ "name": "USN-628-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-628-1"
+ },
+ {
+ "name": "30967",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30967"
+ },
+ {
+ "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
+ "refsource": "CONFIRM",
+ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
+ },
+ {
+ "name": "php-phpsprintfappendstring-overflow(41386)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41386"
+ },
+ {
+ "name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
+ },
+ {
+ "name": "30411",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30411"
+ },
+ {
+ "name": "30158",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30158"
+ },
+ {
+ "name": "MDVSA-2009:023",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
+ },
+ {
+ "name": "MDVSA-2009:022",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
+ },
+ {
+ "name": "28392",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/28392"
+ },
+ {
+ "name": "31200",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31200"
+ },
+ {
+ "name": "SUSE-SR:2008:014",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
+ },
+ {
+ "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178",
+ "refsource": "CONFIRM",
+ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
+ },
+ {
+ "name": "https://issues.rpath.com/browse/RPL-2503",
+ "refsource": "CONFIRM",
+ "url": "https://issues.rpath.com/browse/RPL-2503"
+ },
+ {
+ "name": "20080320 PHP 5.2.5 and prior : *printf() functions Integer Overflow",
+ "refsource": "SREASONRES",
+ "url": "http://securityreason.com/achievement_securityalert/52"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/1xxx/CVE-2008-1425.json b/2008/1xxx/CVE-2008-1425.json
index 8f95a4cfd02..933de58a9d6 100644
--- a/2008/1xxx/CVE-2008-1425.json
+++ b/2008/1xxx/CVE-2008-1425.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-1425",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-1425",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "5275",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/5275"
- },
- {
- "name" : "28309",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/28309"
- },
- {
- "name" : "29430",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/29430"
- },
- {
- "name" : "easyclanpage-index-sql-injection(41303)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41303"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "easyclanpage-index-sql-injection(41303)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41303"
+ },
+ {
+ "name": "29430",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/29430"
+ },
+ {
+ "name": "28309",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/28309"
+ },
+ {
+ "name": "5275",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/5275"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/1xxx/CVE-2008-1881.json b/2008/1xxx/CVE-2008-1881.json
index 429e190c1bc..103d54ef6da 100644
--- a/2008/1xxx/CVE-2008-1881.json
+++ b/2008/1xxx/CVE-2008-1881.json
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080317 VLC highlander bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489698" - }, - { - "name" : "5250", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5250" - }, - { - "name" : "http://aluigi.org/adv/vlcboffs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/vlcboffs-adv.txt" - }, - { - "name" : "http://aluigi.altervista.org/adv/vlcboffs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" - }, - { - "name" : "http://wiki.videolan.org/Changelog/0.8.6f", - "refsource" : "CONFIRM", - "url" : "http://wiki.videolan.org/Changelog/0.8.6f" - }, - { - 
"name" : "GLSA-200804-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-25.xml" - }, - { - "name" : "28274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28274" - }, - { - "name" : "28251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28251" - }, - { - "name" : "oval:org.mitre.oval:def:14872", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872" - }, - { - "name" : "29800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29800" - }, - { - "name" : "28233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28233" - }, - { - "name" : "vlc-parsessa-bo(41936)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936" - }, - { - "name" : "vlcmediaplayer-subtitle-bo(41237)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vlc-parsessa-bo(41936)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936" + }, + { + "name": "http://aluigi.org/adv/vlcboffs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/vlcboffs-adv.txt" + }, + { + "name": "20080317 VLC highlander bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489698" + }, + { + "name": "28233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28233" + }, + { + "name": "GLSA-200804-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" + }, + { + "name": "http://wiki.videolan.org/Changelog/0.8.6f", + "refsource": "CONFIRM", + "url": "http://wiki.videolan.org/Changelog/0.8.6f" + }, + { + "name": "28274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28274" + }, + { + "name": "29800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29800" + }, + { + "name": "oval:org.mitre.oval:def:14872", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872" + }, + { + "name": "5250", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5250" + }, + { + "name": "vlcmediaplayer-subtitle-bo(41237)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237" + }, + { + "name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" + }, + { + "name": "28251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28251" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5191.json b/2008/5xxx/CVE-2008-5191.json index c817d2612bd..e1f63d2c7ae 100644 
--- a/2008/5xxx/CVE-2008-5191.json +++ b/2008/5xxx/CVE-2008-5191.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5960", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5960" - }, - { - "name" : "29996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29996" - }, - { - "name" : "66315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66315" - }, - { - "name" : "30865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30865" - }, - { - "name" : "4623", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4623" - }, - { - "name" : "seportal-poll-sql-injection(43450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43450" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30865" + }, + { + "name": "29996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29996" + }, + { + "name": "66315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66315" + }, + { + "name": "seportal-poll-sql-injection(43450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43450" + }, + { + "name": "5960", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5960" + }, + { + "name": "4623", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4623" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5417.json b/2008/5xxx/CVE-2008-5417.json index b6b00bc7206..77c1c557fb3 100644 --- a/2008/5xxx/CVE-2008-5417.json +++ b/2008/5xxx/CVE-2008-5417.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.3/AXP_DNVOSIECO03-V83.txt", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.3/AXP_DNVOSIECO03-V83.txt" - }, - { - "name" : "1021364", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021364" - }, - { - "name" : "33028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses 
world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021364", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021364" + }, + { + "name": "33028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33028" + }, + { + "name": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.3/AXP_DNVOSIECO03-V83.txt", + "refsource": "CONFIRM", + "url": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.3/AXP_DNVOSIECO03-V83.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5869.json b/2008/5xxx/CVE-2008-5869.json index 7fb22468f4d..f1b35c7ccba 100644 --- a/2008/5xxx/CVE-2008-5869.json +++ b/2008/5xxx/CVE-2008-5869.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081009 PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497182/100/0/threaded" - }, - { - "name" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-24", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-24" - }, - { - "name" : "31666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31666" - }, - { - "name" : "4884", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4884" - }, - { - "name" : "tsunamimp11-systemsysname0-xss(45797)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/45797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tsunamimp11-systemsysname0-xss(45797)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45797" + }, + { + "name": "31666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31666" + }, + { + "name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-24", + "refsource": "MISC", + "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-24" + }, + { + "name": "20081009 PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497182/100/0/threaded" + }, + { + "name": "4884", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4884" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2269.json b/2011/2xxx/CVE-2011-2269.json index 48d562d3b85..c3947c1db57 100644 --- a/2011/2xxx/CVE-2011-2269.json +++ b/2011/2xxx/CVE-2011-2269.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2269", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-2269", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2284.json b/2011/2xxx/CVE-2011-2284.json index b1dd2b2c830..83375dcf770 100644 --- a/2011/2xxx/CVE-2011-2284.json +++ b/2011/2xxx/CVE-2011-2284.json 
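Review bot: The rewritten CVE-2011-2269 record uses a different key order from every other record touched on this page: it opens with `"data_type"`, `"data_format"`, `"data_version"` and lists `"ID"` before `"ASSIGNER"` inside `CVE_data_meta`, while the other new-side records keep `CVE_data_meta` first with `"ASSIGNER"`, `"ID"`, `"STATE"`. Key order carries no meaning for a JSON parser, but it suggests this REJECT record was produced by a different code path or serializer settings. That matters to anyone who hashes, signs or textually diffs these files. Emitting all records through one serializer with a fixed key order (for example sorted keys) would remove the discrepancy.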
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors related to 
ePerformance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2351.json b/2011/2xxx/CVE-2011-2351.json index 7d7c1773e94..691c96f0521 100644 --- a/2011/2xxx/CVE-2011-2351.json +++ b/2011/2xxx/CVE-2011-2351.json 
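Review bot: The only semantic change in the CVE-2011-2284 hunk is `"ASSIGNER": "cve@mitre.org"` becoming `"ASSIGNER": "secalert_us@oracle.com"`, and nothing visible on this page explains it. It sits inside a whole-file whitespace rewrite and reference reorder, so the re-attribution is easy to miss. The same pattern occurs in CVE-2011-2351 (`security@google.com`), CVE-2011-2489 (`secalert@redhat.com`) and CVE-2011-2694 (`secalert@redhat.com`). ASSIGNER is provenance data that downstream tooling may use to map a record to its CNA, so these changes deserve either a separate commit from the formatting pass or an explicit line in the commit message naming the affected IDs and the source of the new value.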
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=85211", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=85211" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : 
"CONFIRM", - "url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:14053", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14053" - }, - { - "name" : "1025730", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025730" - }, - { - "name" : "45097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "45097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45097" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:14053", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14053" + }, + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "1025730", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025730" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=85211", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=85211" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2489.json b/2011/2xxx/CVE-2011-2489.json index 3c71b109beb..5377e0f49d9 100644 --- a/2011/2xxx/CVE-2011-2489.json 
+++ b/2011/2xxx/CVE-2011-2489.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/22/6" - }, - { - "name" : "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/23/5" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=698772", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=698772" - }, - { - "name" : 
"https://bugzillafiles.novell.org/attachment.cgi?id=435902", - "refsource" : "CONFIRM", - "url" : "https://bugzillafiles.novell.org/attachment.cgi?id=435902" - }, - { - "name" : "DSA-2281", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2281" - }, - { - "name" : "SUSE-SU-2011:0849", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/10082068" - }, - { - "name" : "openSUSE-SU-2011:0848", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/10082052" - }, - { - "name" : "48390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48390" - }, - { - "name" : "45136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45136" - }, - { - "name" : "45448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/23/5" + }, + { + "name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/22/6" + }, + { + "name": "openSUSE-SU-2011:0848", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/10082052" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=698772", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=698772" + }, + { + "name": "https://bugzillafiles.novell.org/attachment.cgi?id=435902", + "refsource": "CONFIRM", + "url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902" + }, + { + "name": "DSA-2281", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2281" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344" + }, + { + "name": "SUSE-SU-2011:0849", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/10082068" + }, + { + "name": "48390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48390" + }, + { + "name": "45448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45448" + }, + { + "name": "45136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45136" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2694.json b/2011/2xxx/CVE-2011-2694.json index 8e5841b1381..4c25c07f571 100644 --- a/2011/2xxx/CVE-2011-2694.json +++ b/2011/2xxx/CVE-2011-2694.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://samba.org/samba/history/samba-3.5.10.html", - "refsource" : "CONFIRM", - "url" : "http://samba.org/samba/history/samba-3.5.10.html" - }, - { - "name" : "http://www.samba.org/samba/security/CVE-2011-2694", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2011-2694" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=722537", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=722537" - }, - { - "name" : "https://bugzilla.samba.org/show_bug.cgi?id=8289", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.samba.org/show_bug.cgi?id=8289" - }, - { - "name" : "DSA-2290", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2290" - }, - { - "name" : "HPSBNS02701", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543" - }, - { - "name" : "SSRT100598", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543" - }, - { - "name" : "MDVSA-2011:121", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121" - }, - { - "name" : "USN-1182-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1182-1" - }, - { - "name" : "JVN#63041502", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN63041502/index.html" - }, - { - "name" : "48901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48901" - }, - { - "name" : "74072", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74072" - }, - { - "name" : "1025852", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025852" - }, - { - "name" : "45393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45393" - }, - { - "name" : "45488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45488" - }, - { - "name" : "45496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45496" - }, - { - "name" : "samba-user-xss(68844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the 
passwd program (aka the user field to the Change Password page)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:121", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:121" + }, + { + "name": "HPSBNS02701", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543" + }, + { + "name": "1025852", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025852" + }, + { + "name": "JVN#63041502", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN63041502/index.html" + }, + { + "name": "DSA-2290", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2290" + }, + { + "name": "74072", + "refsource": "OSVDB", + "url": "http://osvdb.org/74072" + }, + { + "name": "45393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45393" + }, + { + "name": "45496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45496" + }, + { + "name": "45488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45488" + }, + { + "name": "http://samba.org/samba/history/samba-3.5.10.html", + "refsource": "CONFIRM", + "url": "http://samba.org/samba/history/samba-3.5.10.html" + }, + { + "name": "48901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48901" + }, + { + "name": "SSRT100598", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543" + }, + { + "name": "https://bugzilla.samba.org/show_bug.cgi?id=8289", + "refsource": "CONFIRM", + "url": "https://bugzilla.samba.org/show_bug.cgi?id=8289" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2011-2694", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2011-2694" + }, + { + "name": "USN-1182-1", + "refsource": "UBUNTU", 
+ "url": "http://ubuntu.com/usn/usn-1182-1" + }, + { + "name": "samba-user-xss(68844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68844" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722537", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722537" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3660.json b/2011/3xxx/CVE-2011-3660.json index edfd4485958..b67cd0dfdf5 100644 --- a/2011/3xxx/CVE-2011-3660.json +++ b/2011/3xxx/CVE-2011-3660.json 
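Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` inside a hunk that otherwise only re-indents the file and tightens `"key" : value` to `"key": value`, so a provenance change is buried in 142 rewritten lines. The hunks for CVE-2011-3895 (`security@google.com`) and CVE-2013-0593 (`psirt@us.ibm.com`) do the same, while CVE-2011-3660 and CVE-2011-3684 keep `cve@mitre.org`. If the reassignment is intentional (presumably to the owning CNA), it would be easier to audit as its own commit, or at least named in the commit message. The `reference_data` entries are also reordered with no visible sort key; the 17 references here appear to be the same set, but a stable order such as `refsource` then `name` would let a reviewer confirm that nothing was dropped. The new file also ends without a trailing newline.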
@@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-53.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-53.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=562442", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=562442" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=679494", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=679494" - }, - { - "name" 
: "https://bugzilla.mozilla.org/show_bug.cgi?id=679986", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=679986" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=680687", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=680687" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=682252", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=682252" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=685186", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=685186" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=685321", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=685321" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=686107", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=686107" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=688364", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=688364" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=688974", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=688974" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=689892", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=689892" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=690376", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=690376" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=691746", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=691746" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=691873", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=691873" - }, - { - "name" : 
"https://bugzilla.mozilla.org/show_bug.cgi?id=693143", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=693143" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=693144", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=693144" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=694200", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=694200" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=696579", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=696579" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=697255", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=697255" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=700512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=700512" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=701248", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=701248" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=701637", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=701637" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=706249", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=706249" - }, - { - "name" : "MDVSA-2011:192", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:192" - }, - { - "name" : "openSUSE-SU-2012:0007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html" - }, - { - "name" : "openSUSE-SU-2012:0039", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html" - }, - { - "name" : "77952", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/77952" - }, - { - "name" : "oval:org.mitre.oval:def:14226", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14226" - }, - { - "name" : "1026445", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026445" - }, - { - "name" : "1026446", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026446" - }, - { - "name" : "1026447", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026447" - }, - { - "name" : "47302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47302" - }, - { - "name" : "47334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47334" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - }, - { - "name" : "firefox-safety-bugs-ce(71908)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=685321", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=685321" + }, + { + "name": "MDVSA-2011:192", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:192" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=562442", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=562442" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=691873", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=691873" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=685186", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=685186" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=701248", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=701248" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=697255", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=697255" + }, + { + "name": "47334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47334" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-53.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-53.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=688364", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=688364" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=706249", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=706249" + }, + { + "name": "1026447", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id?1026447" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=686107", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=686107" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=701637", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=701637" + }, + { + "name": "1026446", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026446" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=693143", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=693143" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=696579", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=696579" + }, + { + "name": "oval:org.mitre.oval:def:14226", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14226" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=691746", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=691746" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=689892", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=689892" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=700512", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=700512" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "1026445", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026445" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=682252", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=682252" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=680687", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=680687" + }, + { + "name": "77952", + "refsource": "OSVDB", + "url": "http://osvdb.org/77952" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=679986", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=679986" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=690376", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=690376" + }, + { + "name": "firefox-safety-bugs-ce(71908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71908" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=688974", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=688974" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=693144", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=693144" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=694200", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=694200" + }, + { + "name": "47302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47302" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=679494", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=679494" + }, + { + "name": "openSUSE-SU-2012:0039", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html" + }, + { + "name": "openSUSE-SU-2012:0007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3684.json b/2011/3xxx/CVE-2011-3684.json index bed5a84c387..bd14f1dec53 100644 --- a/2011/3xxx/CVE-2011-3684.json +++ b/2011/3xxx/CVE-2011-3684.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to reports-config-by-device.asp, (4) the siteid parameter to reports-config-by-monitor.asp, (5) the siteid parameter to reports-monitoring-queue.asp, (6) the action parameter to site-list.asp, the (7) siteid or (8) type parameter to event-history.asp, the (9) siteid or (10) type parameter to admin-history.asp, the (11) siteid or (12) id parameter to dashboard-view.asp, the (13) siteid or (14) dn parameter to device-events.asp, the (15) siteid or (16) submit parameter to device-finder.asp, the (17) siteid or (18) dn parameter to device-monitors.asp, the (19) siteid or (20) type parameter to device-views.asp, the (21) siteid or (22) type parameter to monitor-views.asp, the (23) siteid or (24) sel parameter to reports-list.asp, the (25) siteid, (26) action, or (27) sel parameter to monitor-list.asp, or the (28) siteid, (29) action, or (30) sel parameter to device-list.asp." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-XSS.html", - "refsource" : "MISC", - "url" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-XSS.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to reports-config-by-device.asp, (4) the siteid parameter to reports-config-by-monitor.asp, (5) the siteid parameter to reports-monitoring-queue.asp, (6) the action parameter to site-list.asp, the (7) siteid or (8) type parameter to event-history.asp, the (9) siteid or (10) type parameter to admin-history.asp, the (11) siteid or (12) id parameter to dashboard-view.asp, the (13) siteid or (14) dn parameter to device-events.asp, the (15) siteid or (16) submit parameter to device-finder.asp, the (17) siteid or (18) dn parameter to device-monitors.asp, the (19) siteid or (20) type parameter to device-views.asp, the (21) siteid or (22) type parameter to monitor-views.asp, the (23) siteid or (24) sel parameter to reports-list.asp, the (25) siteid, (26) action, or (27) sel parameter to 
monitor-list.asp, or the (28) siteid, (29) action, or (30) sel parameter to device-list.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-XSS.html", + "refsource": "MISC", + "url": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3895.json b/2011/3xxx/CVE-2011-3895.json index 10d2a9c94ca..d121e184849 100644 --- a/2011/3xxx/CVE-2011-3895.json +++ b/2011/3xxx/CVE-2011-3895.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=101458", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=101458" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html" - }, - { - "name" : "DSA-2471", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2471" - }, - { - "name" : "MDVSA-2012:074", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074" - }, - { - "name" : "MDVSA-2012:075", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:075" - }, - { - "name" : "MDVSA-2012:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076" - }, - { - "name" : "oval:org.mitre.oval:def:13551", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13551" - }, - { - "name" : "46933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46933" - }, - { - "name" : "49089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2012:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076" + }, + { + "name": "MDVSA-2012:074", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074" + }, + { + "name": "MDVSA-2012:075", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html" + }, + { + "name": "49089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49089" + }, + { + "name": "DSA-2471", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2471" + }, + { + 
"name": "46933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46933" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=101458", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=101458" + }, + { + "name": "oval:org.mitre.oval:def:13551", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13551" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0593.json b/2013/0xxx/CVE-2013-0593.json index 3c26f90507c..ab76baa7ca4 100644 --- a/2013/0xxx/CVE-2013-0593.json +++ b/2013/0xxx/CVE-2013-0593.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS SamplePower 3.0 before 3.0-IM-S3SAMPC-WIN32-FP001 allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635503", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635503" - }, - { - "name" : "ibm-spss-cve20130593-code-exec(83382)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS SamplePower 3.0 before 3.0-IM-S3SAMPC-WIN32-FP001 allows remote attackers to execute arbitrary code via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21635503", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635503" + }, + { + "name": "ibm-spss-cve20130593-code-exec(83382)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83382" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1079.json b/2013/1xxx/CVE-2013-1079.json index 0de03f33a6d..fa4bef2c1b3 100644 --- a/2013/1xxx/CVE-2013-1079.json +++ b/2013/1xxx/CVE-2013-1079.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-13-048/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-13-048/" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7011811", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7011811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\\ISProxy.dll in 
AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-13-048/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-13-048/" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7011811", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7011811" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1570.json b/2013/1xxx/CVE-2013-1570.json index 9c428910d0b..76744df5f2d 100644 --- a/2013/1xxx/CVE-2013-1570.json +++ b/2013/1xxx/CVE-2013-1570.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in 
Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1603.json b/2013/1xxx/CVE-2013-1603.json index 43bb69ef7a2..0a91b6df92c 100644 --- a/2013/1xxx/CVE-2013-1603.json +++ b/2013/1xxx/CVE-2013-1603.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1603", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1603", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1769.json b/2013/1xxx/CVE-2013-1769.json index b97491d76a8..06b9f7f80f7 100644 --- a/2013/1xxx/CVE-2013-1769.json +++ b/2013/1xxx/CVE-2013-1769.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Telepathy] 20130304 Announce: telepathy-gabble 0.16.5", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/telepathy/2013-March/006377.html" - }, - { - "name" : "[Telepathy] 20130304 Announce: telepathy-gabble 0.17.3", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/telepathy/2013-March/006378.html" - }, - { - "name" : "openSUSE-SU-2013:0518", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00085.html" - }, - { - "name" : "USN-1873-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1873-1" - }, - { - "name" : "53779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53779" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53779" + }, + { + "name": "[Telepathy] 20130304 Announce: telepathy-gabble 0.16.5", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/telepathy/2013-March/006377.html" + }, + { + "name": "[Telepathy] 20130304 Announce: telepathy-gabble 0.17.3", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/telepathy/2013-March/006378.html" + }, + { + "name": "USN-1873-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1873-1" + }, + { + "name": "openSUSE-SU-2013:0518", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00085.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4009.json b/2013/4xxx/CVE-2013-4009.json index c2b7a269f08..79f2599dc71 100644 --- a/2013/4xxx/CVE-2013-4009.json +++ b/2013/4xxx/CVE-2013-4009.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4009", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4009", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4170.json b/2013/4xxx/CVE-2013-4170.json index e0cedbb87d8..69f82d4f8bf 100644 --- a/2013/4xxx/CVE-2013-4170.json +++ b/2013/4xxx/CVE-2013-4170.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4170", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4170", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4340.json b/2013/4xxx/CVE-2013-4340.json index 7db72e671f7..a3e740b704c 100644 --- a/2013/4xxx/CVE-2013-4340.json +++ b/2013/4xxx/CVE-2013-4340.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codex.wordpress.org/Version_3.6.1", - "refsource" : "CONFIRM", - "url" : "http://codex.wordpress.org/Version_3.6.1" - }, - { - "name" : "http://core.trac.wordpress.org/changeset/25321", - "refsource" : "CONFIRM", - "url" : "http://core.trac.wordpress.org/changeset/25321" - }, - { - "name" : "http://wordpress.org/news/2013/09/wordpress-3-6-1/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/news/2013/09/wordpress-3-6-1/" - }, - { - "name" : "DSA-2757", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2757" - }, - { - "name" : "FEDORA-2013-16855", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116828.html" - }, 
- { - "name" : "FEDORA-2013-16895", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117118.html" - }, - { - "name" : "FEDORA-2013-16925", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116832.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2013-16925", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116832.html" + }, + { + "name": "http://core.trac.wordpress.org/changeset/25321", + "refsource": "CONFIRM", + "url": "http://core.trac.wordpress.org/changeset/25321" + }, + { + "name": "FEDORA-2013-16855", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116828.html" + }, + { + "name": "DSA-2757", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2757" + }, + { + "name": "http://codex.wordpress.org/Version_3.6.1", + "refsource": "CONFIRM", + "url": "http://codex.wordpress.org/Version_3.6.1" + }, + { + "name": "http://wordpress.org/news/2013/09/wordpress-3-6-1/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/news/2013/09/wordpress-3-6-1/" + }, + { + "name": "FEDORA-2013-16895", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117118.html" + } + ] + } +} \ No newline at end of file 
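Review bot: The `reference_data` entries come out in a different order on the new side, and no sort key seems to explain it: `FEDORA-2013-16925`, a `CONFIRM` URL, `FEDORA-2013-16855`, `DSA-2757`, two more `CONFIRM` URLs, then `FEDORA-2013-16895`. The hunks for CVE-2013-1570, CVE-2013-1769, CVE-2013-4575 and CVE-2013-4733 reorder their references as well. If the order comes from the serializer's iteration order, every regeneration will churn these records, and the one substantive edit in this hunk, `"ASSIGNER": "secalert@redhat.com"`, is easy to miss among the reformatted lines. Keep the existing order or sort on a fixed key such as `refsource` then `name`, and land the ASSIGNER updates separately from the formatting pass so consumers diffing the feed can audit them.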
diff --git a/2013/4xxx/CVE-2013-4575.json b/2013/4xxx/CVE-2013-4575.json index 0d747fa9c09..22e81071495 100644 --- a/2013/4xxx/CVE-2013-4575.json +++ b/2013/4xxx/CVE-2013-4575.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-4575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00" - }, - { - "name" : "61485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61485" - }, - { - "name" : "95938", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00" + }, + { + "name": "95938", + "refsource": "OSVDB", + "url": "http://osvdb.org/95938" + }, + { + "name": "61485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61485" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4612.json b/2013/4xxx/CVE-2013-4612.json index 43e3c012ee3..c080d1c5199 100644 --- a/2013/4xxx/CVE-2013-4612.json +++ b/2013/4xxx/CVE-2013-4612.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf", - "refsource" : "CONFIRM", - "url" : "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf", + "refsource": "CONFIRM", + "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4733.json b/2013/4xxx/CVE-2013-4733.json index 1618c567339..27018a237bc 100644 --- a/2013/4xxx/CVE-2013-4733.json +++ b/2013/4xxx/CVE-2013-4733.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/AAMN-98MU7H", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/AAMN-98MU7H" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/AAMN-98MUK2", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/AAMN-98MUK2" - }, - { - "name" : "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf", - "refsource" : "CONFIRM", - "url" : 
"http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf" - }, - { - "name" : "VU#662676", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/662676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/AAMN-98MUK2", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/AAMN-98MUK2" + }, + { + "name": "VU#662676", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/662676" + }, + { + "name": "http://www.kb.cert.org/vuls/id/AAMN-98MU7H", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/AAMN-98MU7H" + }, + { + "name": "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf", + "refsource": "CONFIRM", + "url": "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf" + }, + { + "name": "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf", + "refsource": "CONFIRM", + "url": "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5266.json b/2013/5xxx/CVE-2013-5266.json index 434127acb16..16315fe0ddd 100644 --- a/2013/5xxx/CVE-2013-5266.json +++ b/2013/5xxx/CVE-2013-5266.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5266", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5266", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12045.json b/2017/12xxx/CVE-2017-12045.json index e719005d219..222238c3907 100644 --- a/2017/12xxx/CVE-2017-12045.json +++ b/2017/12xxx/CVE-2017-12045.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12045", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12045", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12131.json b/2017/12xxx/CVE-2017-12131.json index f7277226774..f6216357cc4 100644 --- a/2017/12xxx/CVE-2017-12131.json +++ b/2017/12xxx/CVE-2017-12131.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kevins1022/cve/blob/master/wordpress-Easy-Testimonials.md", - "refsource" : "MISC", - "url" : "https://github.com/kevins1022/cve/blob/master/wordpress-Easy-Testimonials.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kevins1022/cve/blob/master/wordpress-Easy-Testimonials.md", + "refsource": "MISC", + "url": "https://github.com/kevins1022/cve/blob/master/wordpress-Easy-Testimonials.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12135.json b/2017/12xxx/CVE-2017-12135.json index 9aca0968b85..1510b045fcb 100644 --- a/2017/12xxx/CVE-2017-12135.json +++ b/2017/12xxx/CVE-2017-12135.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170815 Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/08/15/1" - }, - { - "name" : "[oss-security] 20170817 Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/08/17/6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1477655", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1477655" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-226.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-226.html" - }, - { 
- "name" : "https://support.citrix.com/article/CTX225941", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX225941" - }, - { - "name" : "DSA-3969", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3969" - }, - { - "name" : "GLSA-201801-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-14" - }, - { - "name" : "100344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100344" - }, - { - "name" : "1039178", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX225941", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX225941" + }, + { + "name": "[oss-security] 20170817 Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/08/17/6" + }, + { + "name": "100344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100344" + }, + { + "name": "DSA-3969", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3969" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1477655", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477655" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-226.html", + "refsource": "CONFIRM", + "url": 
"http://xenbits.xen.org/xsa/advisory-226.html" + }, + { + "name": "[oss-security] 20170815 Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/08/15/1" + }, + { + "name": "GLSA-201801-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-14" + }, + { + "name": "1039178", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039178" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12702.json b/2017/12xxx/CVE-2017-12702.json index 754a1156837..ec5a957618e 100644 --- a/2017/12xxx/CVE-2017-12702.json +++ b/2017/12xxx/CVE-2017-12702.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-12702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "Advantech WebAccess" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-134" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-12702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess", + "version": { + "version_data": [ + { + "version_value": "Advantech WebAccess" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" - }, - { - "name" : "100526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. 
String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" + }, + { + "name": "100526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100526" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12715.json b/2017/12xxx/CVE-2017-12715.json index dad9f8070cf..2010218abea 100644 --- a/2017/12xxx/CVE-2017-12715.json +++ b/2017/12xxx/CVE-2017-12715.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12715", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12715", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12741.json b/2017/12xxx/CVE-2017-12741.json index 6ff10691fe4..c94ddaa0438 100644 
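Review bot: In CVE-2017-12702.json the new side still carries `"version_value": "Advantech WebAccess"`, which repeats the product name instead of stating a version, while the description in the same record says the issue affects versions prior to V8.2_20170817. Tooling that matches on the `affects` block rather than parsing the description gets no usable version bound from this record. Since the file is being rewritten anyway, the field could read `"version_value": "prior to V8.2_20170817"`. The `"vendor_name": "n/a"` next to it presumably should name Advantech, though that is inferred from the product name only.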
--- a/2017/12xxx/CVE-2017-12741.json +++ b/2017/12xxx/CVE-2017-12741.json 
@@ -1,210 +1,210 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-05-15T00:00:00", - "ID" : "CVE-2017-12741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SIMATIC S7-200 Smart, SIMATIC S7-400 PN V6, SIMATIC S7-400 H V6, SIMATIC S7-400 PN/DP V7, SIMATIC S7-410 V8, SIMATIC S7-300, SIMATIC S7-1200, SIMATIC S7-1500, SIMATIC S7-1500 Software Controller, SIMATIC WinAC RTX 2010 incl. F, SIMATIC ET 200AL, SIMATIC ET 200ecoPN, SIMATIC ET 200M, SIMATIC ET 200MP IM155-5 PN BA, SIMATIC ET 200MP IM155-5 PN ST, SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST), SIMATIC ET 200pro, SIMATIC ET 200S, SIMATIC ET 200SP, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, SIMOTION D, SIMOTION C, SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120 (C/P/D) w. PN, SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS S110 w. PN, SINAMICS S120 V4.7 w. PN, SINAMICS S120 V4.8 w. PN, SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS V90 w. 
PN, SINUMERIK 840D sl, SIMATIC Compact Field Unit, SIMATIC PN/PN Coupler, SIMOCODE pro V PROFINET, SIRIUS Soft Starter 3RW44 PN", - "version" : { - "version_data" : [ - { - "version_value" : "SIMATIC S7-200 Smart : All versions < V2.03.01" - }, - { - "version_value" : "SIMATIC S7-400 PN V6 : All versions < V6.0.6" - }, - { - "version_value" : "SIMATIC S7-400 H V6 : All versions < V6.0.8" - }, - { - "version_value" : "SIMATIC S7-400 PN/DP V7 : All versions < V7.0.2" - }, - { - "version_value" : "SIMATIC S7-410 V8 : All versions" - }, - { - "version_value" : "SIMATIC S7-300 : All versions" - }, - { - "version_value" : "SIMATIC S7-1200 : All versions < V4.2.3" - }, - { - "version_value" : "SIMATIC S7-1500 : All versions < V2.0" - }, - { - "version_value" : "SIMATIC S7-1500 Software Controller : All versions < V2.0" - }, - { - "version_value" : "SIMATIC WinAC RTX 2010 incl. F : All versions" - }, - { - "version_value" : "SIMATIC ET 200AL : All versions" - }, - { - "version_value" : "SIMATIC ET 200ecoPN : All versions" - }, - { - "version_value" : "SIMATIC ET 200M : All versions" - }, - { - "version_value" : "SIMATIC ET 200MP IM155-5 PN BA : All versions < V4.0.2" - }, - { - "version_value" : "SIMATIC ET 200MP IM155-5 PN ST : All versions < V4.1" - }, - { - "version_value" : "SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) : All versions" - }, - { - "version_value" : "SIMATIC ET 200pro : All versions" - }, - { - "version_value" : "SIMATIC ET 200S : All versions" - }, - { - "version_value" : "SIMATIC ET 200SP : All versions" - }, - { - "version_value" : "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller : All versions < V4.1.1 Patch 05" - }, - { - "version_value" : "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P : All versions < V4.5" - }, - { - "version_value" : "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 : All versions < V4.5" - }, - { - "version_value" : "SIMOTION D : All versions < V5.1 HF1" - }, - { - 
"version_value" : "SIMOTION C : All versions < V5.1 HF1" - }, - { - "version_value" : "SIMOTION P V4.4 and V4.5 : All versions < V4.5 HF5" - }, - { - "version_value" : "SIMOTION P V5 : All versions < V5.1 HF1" - }, - { - "version_value" : "SINAMICS DCM w. PN : All versions < V1.4 SP1 HF6" - }, - { - "version_value" : "SINAMICS DCP w. PN : All versions < V1.2 HF2" - }, - { - "version_value" : "SINAMICS G110M w. PN : All versions < V4.7 SP9 HF1" - }, - { - "version_value" : "SINAMICS G120 (C/P/D) w. PN : All versions < V4.7 SP9 HF1" - }, - { - "version_value" : "SINAMICS G130 V4.7 w. PN : All versions < V4.7 HF29" - }, - { - "version_value" : "SINAMICS G130 V4.8 w. PN : All versions < V4.8 HF4" - }, - { - "version_value" : "SINAMICS G150 V4.7 w. PN : All versions < V4.7 HF29" - }, - { - "version_value" : "SINAMICS G150 V4.8 w. PN : All versions < V4.8 HF4" - }, - { - "version_value" : "SINAMICS S110 w. PN : All versions < V4.4 SP3 HF6" - }, - { - "version_value" : "SINAMICS S120 V4.7 w. PN : All versions < V4.7 HF29" - }, - { - "version_value" : "SINAMICS S120 V4.8 w. PN : All versions < V4.8 HF5" - }, - { - "version_value" : "SINAMICS S150 V4.7 w. PN : All versions < V4.7 HF29" - }, - { - "version_value" : "SINAMICS S150 V4.8 w. PN : All versions < V4.8 HF4" - }, - { - "version_value" : "SINAMICS V90 w. 
PN : All versions < V1.02" - }, - { - "version_value" : "SINUMERIK 840D sl : All versions" - }, - { - "version_value" : "SIMATIC Compact Field Unit : All versions" - }, - { - "version_value" : "SIMATIC PN/PN Coupler : All versions" - }, - { - "version_value" : "SIMOCODE pro V PROFINET : All versions" - }, - { - "version_value" : "SIRIUS Soft Starter 3RW44 PN : All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SIMATIC S7-200 Smart (All versions < V2.03.01), SIMATIC S7-400 PN V6 (All versions < V6.0.6), SIMATIC S7-400 H V6 (All versions < V6.0.8), SIMATIC S7-400 PN/DP V7 (All versions < V7.0.2), SIMATIC S7-410 V8 (All versions), SIMATIC S7-300 (All versions), SIMATIC S7-1200 (All versions < V4.2.3), SIMATIC S7-1500 (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC WinAC RTX 2010 incl. F (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.2), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5), SIMOTION D (All versions < V5.1 HF1), SIMOTION C (All versions < V5.1 HF1), SIMOTION P V4.4 and V4.5 (All versions < V4.5 HF5), SIMOTION P V5 (All versions < V5.1 HF1), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF6), SINAMICS DCP w. 
PN (All versions < V1.2 HF2), SINAMICS G110M w. PN (All versions < V4.7 SP9 HF1), SINAMICS G120 (C/P/D) w. PN (All versions < V4.7 SP9 HF1), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF6), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S120 V4.8 w. PN (All versions < V4.8 HF5), SINAMICS S150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS V90 w. PN (All versions < V1.02), SINUMERIK 840D sl (All versions), SIMATIC Compact Field Unit (All versions), SIMATIC PN/PN Coupler (All versions), SIMOCODE pro V PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions). Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-05-15T00:00:00", + "ID": "CVE-2017-12741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SIMATIC S7-200 Smart, SIMATIC S7-400 PN V6, SIMATIC S7-400 H V6, SIMATIC S7-400 PN/DP V7, SIMATIC S7-410 V8, SIMATIC S7-300, SIMATIC S7-1200, SIMATIC S7-1500, SIMATIC S7-1500 Software Controller, SIMATIC WinAC RTX 2010 incl. 
F, SIMATIC ET 200AL, SIMATIC ET 200ecoPN, SIMATIC ET 200M, SIMATIC ET 200MP IM155-5 PN BA, SIMATIC ET 200MP IM155-5 PN ST, SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST), SIMATIC ET 200pro, SIMATIC ET 200S, SIMATIC ET 200SP, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, SIMOTION D, SIMOTION C, SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120 (C/P/D) w. PN, SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS S110 w. PN, SINAMICS S120 V4.7 w. PN, SINAMICS S120 V4.8 w. PN, SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS V90 w. PN, SINUMERIK 840D sl, SIMATIC Compact Field Unit, SIMATIC PN/PN Coupler, SIMOCODE pro V PROFINET, SIRIUS Soft Starter 3RW44 PN", + "version": { + "version_data": [ + { + "version_value": "SIMATIC S7-200 Smart : All versions < V2.03.01" + }, + { + "version_value": "SIMATIC S7-400 PN V6 : All versions < V6.0.6" + }, + { + "version_value": "SIMATIC S7-400 H V6 : All versions < V6.0.8" + }, + { + "version_value": "SIMATIC S7-400 PN/DP V7 : All versions < V7.0.2" + }, + { + "version_value": "SIMATIC S7-410 V8 : All versions" + }, + { + "version_value": "SIMATIC S7-300 : All versions" + }, + { + "version_value": "SIMATIC S7-1200 : All versions < V4.2.3" + }, + { + "version_value": "SIMATIC S7-1500 : All versions < V2.0" + }, + { + "version_value": "SIMATIC S7-1500 Software Controller : All versions < V2.0" + }, + { + "version_value": "SIMATIC WinAC RTX 2010 incl. 
F : All versions" + }, + { + "version_value": "SIMATIC ET 200AL : All versions" + }, + { + "version_value": "SIMATIC ET 200ecoPN : All versions" + }, + { + "version_value": "SIMATIC ET 200M : All versions" + }, + { + "version_value": "SIMATIC ET 200MP IM155-5 PN BA : All versions < V4.0.2" + }, + { + "version_value": "SIMATIC ET 200MP IM155-5 PN ST : All versions < V4.1" + }, + { + "version_value": "SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) : All versions" + }, + { + "version_value": "SIMATIC ET 200pro : All versions" + }, + { + "version_value": "SIMATIC ET 200S : All versions" + }, + { + "version_value": "SIMATIC ET 200SP : All versions" + }, + { + "version_value": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller : All versions < V4.1.1 Patch 05" + }, + { + "version_value": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P : All versions < V4.5" + }, + { + "version_value": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 : All versions < V4.5" + }, + { + "version_value": "SIMOTION D : All versions < V5.1 HF1" + }, + { + "version_value": "SIMOTION C : All versions < V5.1 HF1" + }, + { + "version_value": "SIMOTION P V4.4 and V4.5 : All versions < V4.5 HF5" + }, + { + "version_value": "SIMOTION P V5 : All versions < V5.1 HF1" + }, + { + "version_value": "SINAMICS DCM w. PN : All versions < V1.4 SP1 HF6" + }, + { + "version_value": "SINAMICS DCP w. PN : All versions < V1.2 HF2" + }, + { + "version_value": "SINAMICS G110M w. PN : All versions < V4.7 SP9 HF1" + }, + { + "version_value": "SINAMICS G120 (C/P/D) w. PN : All versions < V4.7 SP9 HF1" + }, + { + "version_value": "SINAMICS G130 V4.7 w. PN : All versions < V4.7 HF29" + }, + { + "version_value": "SINAMICS G130 V4.8 w. PN : All versions < V4.8 HF4" + }, + { + "version_value": "SINAMICS G150 V4.7 w. PN : All versions < V4.7 HF29" + }, + { + "version_value": "SINAMICS G150 V4.8 w. 
PN : All versions < V4.8 HF4" + }, + { + "version_value": "SINAMICS S110 w. PN : All versions < V4.4 SP3 HF6" + }, + { + "version_value": "SINAMICS S120 V4.7 w. PN : All versions < V4.7 HF29" + }, + { + "version_value": "SINAMICS S120 V4.8 w. PN : All versions < V4.8 HF5" + }, + { + "version_value": "SINAMICS S150 V4.7 w. PN : All versions < V4.7 HF29" + }, + { + "version_value": "SINAMICS S150 V4.8 w. PN : All versions < V4.8 HF4" + }, + { + "version_value": "SINAMICS V90 w. PN : All versions < V1.02" + }, + { + "version_value": "SINUMERIK 840D sl : All versions" + }, + { + "version_value": "SIMATIC Compact Field Unit : All versions" + }, + { + "version_value": "SIMATIC PN/PN Coupler : All versions" + }, + { + "version_value": "SIMOCODE pro V PROFINET : All versions" + }, + { + "version_value": "SIRIUS Soft Starter 3RW44 PN : All versions" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf" - }, - { - "name" : "101964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC S7-200 Smart (All versions < V2.03.01), SIMATIC S7-400 PN V6 (All versions < V6.0.6), SIMATIC S7-400 H V6 (All versions < V6.0.8), SIMATIC S7-400 
PN/DP V7 (All versions < V7.0.2), SIMATIC S7-410 V8 (All versions), SIMATIC S7-300 (All versions), SIMATIC S7-1200 (All versions < V4.2.3), SIMATIC S7-1500 (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC WinAC RTX 2010 incl. F (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.2), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5), SIMOTION D (All versions < V5.1 HF1), SIMOTION C (All versions < V5.1 HF1), SIMOTION P V4.4 and V4.5 (All versions < V4.5 HF5), SIMOTION P V5 (All versions < V5.1 HF1), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF6), SINAMICS DCP w. PN (All versions < V1.2 HF2), SINAMICS G110M w. PN (All versions < V4.7 SP9 HF1), SINAMICS G120 (C/P/D) w. PN (All versions < V4.7 SP9 HF1), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF6), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S120 V4.8 w. PN (All versions < V4.8 HF5), SINAMICS S150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS V90 w. 
PN (All versions < V1.02), SINUMERIK 840D sl (All versions), SIMATIC Compact Field Unit (All versions), SIMATIC PN/PN Coupler (All versions), SIMOCODE pro V PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions). Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf" + }, + { + "name": "101964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101964" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13145.json b/2017/13xxx/CVE-2017-13145.json index 3058301c3eb..b2ced600923 100644 --- a/2017/13xxx/CVE-2017-13145.json +++ b/2017/13xxx/CVE-2017-13145.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869830", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869830" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/ac23b02ecb741e5de60f5235ea443790c88a0b80", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/ac23b02ecb741e5de60f5235ea443790c88a0b80" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc", - 
"refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/501", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/501" - }, - { - "name" : "DSA-4019", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4019" - }, - { - "name" : "GLSA-201711-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-07" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/ac23b02ecb741e5de60f5235ea443790c88a0b80", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/ac23b02ecb741e5de60f5235ea443790c88a0b80" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "GLSA-201711-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-07" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc", + "refsource": "CONFIRM", + "url": 
"https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869830", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869830" + }, + { + "name": "DSA-4019", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4019" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/501", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/501" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16178.json b/2017/16xxx/CVE-2017-16178.json index 7f816521794..534a8fd8356 100644 --- a/2017/16xxx/CVE-2017-16178.json +++ b/2017/16xxx/CVE-2017-16178.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "intsol-package node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "intsol-package node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/intsol-package", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/intsol-package" - }, - { - "name" : "https://nodesecurity.io/advisories/461", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "intsol-package is a file server. 
intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/intsol-package", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/intsol-package" + }, + { + "name": "https://nodesecurity.io/advisories/461", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/461" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16605.json b/2017/16xxx/CVE-2017-16605.json index 88d47c1a2b9..69ee9fa60de 100644 --- a/2017/16xxx/CVE-2017-16605.json +++ b/2017/16xxx/CVE-2017-16605.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetGain Systems Enterprise Manager", - "version" : { - "version_data" : [ - { - "version_value" : "7.2.730 build 1034" - } - ] - } - } - ] - }, - "vendor_name" : "NetGain Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fattrs_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5196." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetGain Systems Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "7.2.730 build 1034" + } + ] + } + } + ] + }, + "vendor_name": "NetGain Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-970", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-970" - }, - { - "name" : "102512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fattrs_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5196." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-970", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-970" + }, + { + "name": "102512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102512" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16964.json b/2017/16xxx/CVE-2017-16964.json index 168297128da..40b16abe84a 100644 --- a/2017/16xxx/CVE-2017-16964.json +++ b/2017/16xxx/CVE-2017-16964.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16964", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16964", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4049.json b/2017/4xxx/CVE-2017-4049.json index 31a95d1da04..f97165f04af 100644 --- a/2017/4xxx/CVE-2017-4049.json +++ b/2017/4xxx/CVE-2017-4049.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4049",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4049",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4692.json b/2017/4xxx/CVE-2017-4692.json
index 1b5c5cf600e..8216ef2a521 100644
--- a/2017/4xxx/CVE-2017-4692.json
+++ b/2017/4xxx/CVE-2017-4692.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4692",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4692",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4940.json b/2017/4xxx/CVE-2017-4940.json
index 17a2648317d..e7a61c5a559 100644
--- a/2017/4xxx/CVE-2017-4940.json
+++ b/2017/4xxx/CVE-2017-4940.json
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2017-12-19T00:00:00", - "ID" : "CVE-2017-4940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ESXi", - "version" : { - "version_data" : [ - { - "version_value" : "6.5 before ESXi650-201712103-SG" - }, - { - "version_value" : "6.0 before ESXi600-201711103-SG" - }, - { - "version_value" : "5.5 before ESXi550-201709102-SG)" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stored cross-site scripting vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2017-12-19T00:00:00", + "ID": "CVE-2017-4940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ESXi", + "version": { + "version_data": [ + { + "version_value": "6.5 before ESXi650-201712103-SG" + }, + { + "version_value": "6.0 before ESXi600-201711103-SG" + }, + { + "version_value": "5.5 before ESXi550-201709102-SG)" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2017-0021.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2017-0021.html" - }, - { - "name" : "1040024", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored cross-site scripting vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html" + }, + { + "name": "1040024", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040024" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18340.json b/2018/18xxx/CVE-2018-18340.json index ad191c99014..3320bfa56de 100644 --- a/2018/18xxx/CVE-2018-18340.json +++ b/2018/18xxx/CVE-2018-18340.json 
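Review bot: The new-side description for CVE-2017-4940 still reads `5.5 before ESXi600-201711103-SG`, while the `version_data` entry in the same record gives `6.0 before ESXi600-201711103-SG`; the two disagree on which release line the ESXi600 patch belongs to, and this formatting-only rewrite carries the mismatch forward unchanged. The third `version_value`, `5.5 before ESXi550-201709102-SG)`, also keeps a stray closing parenthesis. Scanners and patch-tracking tools that match on these strings can mis-scope which 6.0 hosts are affected, so I would change the description to `6.0 before ESXi600-201711103-SG` (assuming the `version_data` entry is the accurate one; confirm against VMSA-2017-0021) and drop the trailing `)`.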
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-18340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-18340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/896736", - "refsource" : "MISC", - "url" : "https://crbug.com/896736" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4352", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4352" - }, - { - "name" : "RHSA-2018:3803", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3803" - }, - { - "name" : "106084", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/106084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/896736", + "refsource": "MISC", + "url": "https://crbug.com/896736" + }, + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + }, + { + "name": "RHSA-2018:3803", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3803" + }, + { + "name": "DSA-4352", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4352" + }, + { + "name": "106084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106084" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18725.json b/2018/18xxx/CVE-2018-18725.json index 9b05a408a27..82fe98c0bf7 100644 --- a/2018/18xxx/CVE-2018-18725.json +++ b/2018/18xxx/CVE-2018-18725.json 
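Review bot: The `ASSIGNER` under `CVE_data_meta` for CVE-2018-18340 changes from `chrome-cve-admin@google.com` to `security@google.com`, and it is the only value change in a hunk that otherwise rewrites `" : "` to `": "` and swaps the order of the DSA-4352 and RHSA-2018:3803 references. The assigner field is part of the record's provenance, so a change to it should not ride along unannounced in a reformatting commit; nothing visible here explains it. If the move is intentional, state the reason in the commit message; if it is a side effect of the tool that regenerated the file, restore `"ASSIGNER": "chrome-cve-admin@google.com"`.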
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/source-trace/yunucms/issues/4", - "refsource" : "MISC", - "url" : "https://github.com/source-trace/yunucms/issues/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/source-trace/yunucms/issues/4", + "refsource": "MISC", + "url": "https://github.com/source-trace/yunucms/issues/4" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/18xxx/CVE-2018-18814.json b/2018/18xxx/CVE-2018-18814.json index 42c30749211..0efbe684c8d 100644 --- a/2018/18xxx/CVE-2018-18814.json +++ b/2018/18xxx/CVE-2018-18814.json 
@@ -1,131 +1,131 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@tibco.com", - "DATE_PUBLIC" : "2019-01-16T17:00:00.000Z", - "ID" : "CVE-2018-18814", - "STATE" : "PUBLIC", - "TITLE" : "TIBCO Spotfire Authentication Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TIBCO Spotfire Analytics Platform for AWS Marketplace", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "10.0.0" - } - ] - } - }, - { - "product_name" : "TIBCO Spotfire Server", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "7.10.1" - }, - { - "affected" : "=", - "version_value" : "7.11.0" - }, - { - "affected" : "=", - "version_value" : "7.11.1" - }, - { - "affected" : "=", - "version_value" : "7.12.0" - }, - { - "affected" : "=", - "version_value" : "7.13.0" - }, - { - "affected" : "=", - "version_value" : "7.14.0" - } - ] - } - } - ] - }, - "vendor_name" : "TIBCO Software Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component." - } + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2019-01-16T17:00:00.000Z", + "ID": "CVE-2018-18814", + "STATE": "PUBLIC", + "TITLE": "TIBCO Spotfire Authentication Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "10.0.0" + } + ] + } + }, + { + "product_name": "TIBCO Spotfire Server", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "7.10.1" + }, + { + "affected": "=", + "version_value": "7.11.0" + }, + { + "affected": "=", + "version_value": "7.11.1" + }, + { + "affected": "=", + "version_value": "7.12.0" + }, + { + "affected": "=", + "version_value": "7.13.0" + }, + { + "affected": "=", + "version_value": "7.14.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/services/support/advisories", - "refsource" : "MISC", - "url" : "http://www.tibco.com/services/support/advisories" - }, - { - "name" : "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814", - "refsource" : "CONFIRM", - "url" : "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814" - }, - { - "name" : "106635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106635" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below update to version 10.0.1 or higher\nTIBCO Spotfire Server versions 7.10.1 and below update to version 7.10.2 or higher\nTIBCO Spotfire Server versions 7.11.0, and 7.11.1 update to version 7.11.2 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, and 7.14.0 update to version 10.0.0 or higher" - } - ], - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. 
TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106635" + }, + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "MISC", + "url": "http://www.tibco.com/services/support/advisories" + }, + { + "name": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues. 
For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below update to version 10.0.1 or higher\nTIBCO Spotfire Server versions 7.10.1 and below update to version 7.10.2 or higher\nTIBCO Spotfire Server versions 7.11.0, and 7.11.1 update to version 7.11.2 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, and 7.14.0 update to version 10.0.0 or higher" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18830.json b/2018/18xxx/CVE-2018-18830.json index 9f6fa21f691..e440d61f27e 100644 --- a/2018/18xxx/CVE-2018-18830.json +++ b/2018/18xxx/CVE-2018-18830.json 
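Review bot: All seven `version_data` entries for CVE-2018-18814 carry the comparison operator under the key `affected` (`"affected": "<="`, `"affected": "="`), whereas the CVE-2018-18340 record in this same diff uses `version_affected` (`"version_affected": "<"`). A consumer that reads only `version_affected` would presumably see bare versions here, so `10.0.0` and `7.10.1` lose their "up to and including" meaning and older Spotfire installations could be reported as unaffected. I would rename the key to `"version_affected"` in each entry, after confirming which key the schema for `data_version` 4.0 expects. The commit only normalises whitespace and reference order in this record, so the inconsistency predates it but is still present on the new side.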
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in com\\mingsoft\\basic\\action\\web\\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitee.com/mingSoft/MCMS/issues/IO0IQ", - "refsource" : "MISC", - "url" : "https://gitee.com/mingSoft/MCMS/issues/IO0IQ" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in com\\mingsoft\\basic\\action\\web\\FileAction.java in MCMS 4.6.5. 
Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitee.com/mingSoft/MCMS/issues/IO0IQ", + "refsource": "MISC", + "url": "https://gitee.com/mingSoft/MCMS/issues/IO0IQ" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1752.json b/2018/1xxx/CVE-2018-1752.json index 66ee1d57883..e6a772e7e8c 100644 --- a/2018/1xxx/CVE-2018-1752.json +++ b/2018/1xxx/CVE-2018-1752.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1752", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1752", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/5xxx/CVE-2018-5414.json b/2018/5xxx/CVE-2018-5414.json
index 61b60be0230..4369ca6f5ef 100644
--- a/2018/5xxx/CVE-2018-5414.json
+++ b/2018/5xxx/CVE-2018-5414.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5414",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-5414",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5466.json b/2018/5xxx/CVE-2018-5466.json
index 82d3a0a331b..230a900e248 100644
--- a/2018/5xxx/CVE-2018-5466.json
+++ b/2018/5xxx/CVE-2018-5466.json
@@ -1,76 +1,76 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "DATE_PUBLIC" : "2018-02-27T00:00:00",
- "ID" : "CVE-2018-5466",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Philips IntelliSpace Portal",
- "version" : {
- "version_data" : [
- {
- "version_value" : "8.0.x"
- },
- {
- "version_value" : "7.0.x"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Philips"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CRYPTOGRAPHIC ISSUES CWE-310"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2018-02-27T00:00:00",
+ "ID": "CVE-2018-5466",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Philips IntelliSpace Portal",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.0.x"
+ },
+ {
+ "version_value": "7.0.x"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Philips"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
- },
- {
- "name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
- "refsource" : "CONFIRM",
- "url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
- },
- {
- "name" : "103182",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/103182"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CRYPTOGRAPHIC ISSUES CWE-310"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
+ "refsource": "CONFIRM",
+ "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
+ },
+ {
+ "name": "103182",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/103182"
+ },
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5538.json b/2018/5xxx/CVE-2018-5538.json
index cdd110ae4e7..60d109ca45d 100644
--- a/2018/5xxx/CVE-2018-5538.json
+++ b/2018/5xxx/CVE-2018-5538.json
@@ -1,66 +1,66 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "f5sirt@f5.com",
- "DATE_PUBLIC" : "2018-07-24T00:00:00",
- "ID" : "CVE-2018-5538",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "BIG-IP (DNS)",
- "version" : {
- "version_data" : [
- {
- "version_value" : "13.1.0-13.1.0.7"
- },
- {
- "version_value" : "12.1.3-12.1.3.5"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "F5 Networks, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable \"dnsexpress.notifyport\" is set to any value other than the default of \"0\"."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "DoS"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "f5sirt@f5.com",
+ "DATE_PUBLIC": "2018-07-24T00:00:00",
+ "ID": "CVE-2018-5538",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP (DNS)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "13.1.0-13.1.0.7"
+ },
+ {
+ "version_value": "12.1.3-12.1.3.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "F5 Networks, Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.f5.com/csp/article/K45435121",
- "refsource" : "CONFIRM",
- "url" : "https://support.f5.com/csp/article/K45435121"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable \"dnsexpress.notifyport\" is set to any value other than the default of \"0\"."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.f5.com/csp/article/K45435121",
+ "refsource": "CONFIRM",
+ "url": "https://support.f5.com/csp/article/K45435121"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5772.json b/2018/5xxx/CVE-2018-5772.json
index fd759f0d49d..060dd2f2b2e 100644
--- a/2018/5xxx/CVE-2018-5772.json
+++ b/2018/5xxx/CVE-2018-5772.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5772",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5772",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/Exiv2/exiv2/issues/216",
- "refsource" : "MISC",
- "url" : "https://github.com/Exiv2/exiv2/issues/216"
- },
- {
- "name" : "GLSA-201811-14",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201811-14"
- },
- {
- "name" : "102789",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102789"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "102789",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102789"
+ },
+ {
+ "name": "GLSA-201811-14",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201811-14"
+ },
+ {
+ "name": "https://github.com/Exiv2/exiv2/issues/216",
+ "refsource": "MISC",
+ "url": "https://github.com/Exiv2/exiv2/issues/216"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5773.json b/2018/5xxx/CVE-2018-5773.json
index 3c4310f8977..4680caedc83 100644
--- a/2018/5xxx/CVE-2018-5773.json
+++ b/2018/5xxx/CVE-2018-5773.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5773",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5773",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/trentm/python-markdown2/issues/285",
- "refsource" : "MISC",
- "url" : "https://github.com/trentm/python-markdown2/issues/285"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/trentm/python-markdown2/issues/285",
+ "refsource": "MISC",
+ "url": "https://github.com/trentm/python-markdown2/issues/285"
+ }
+ ]
+ }
+}
\ No newline at end of file