diff --git a/2001/0xxx/CVE-2001-0123.json b/2001/0xxx/CVE-2001-0123.json
index ccc886050a4..bacb1ea3b99 100644
--- a/2001/0xxx/CVE-2001-0123.json
+++ b/2001/0xxx/CVE-2001-0123.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010107 Cgisecurity.com Advisory #3.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97905792214999&w=2" - }, - { - "name" : "http://www.extropia.com/hacks/bbs_security.html", - "refsource" : "CONFIRM", - "url" : "http://www.extropia.com/hacks/bbs_security.html" - }, - { - "name" : "2177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2177" - }, - { - "name" : "http-cgi-bbs-forum(5906)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5906" - }, - { - "name" : "3546", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.extropia.com/hacks/bbs_security.html", + "refsource": "CONFIRM", + "url": "http://www.extropia.com/hacks/bbs_security.html" + }, + { + "name": "3546", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3546" + }, + { + "name": "20010107 Cgisecurity.com Advisory #3.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97905792214999&w=2" + }, + { + "name": "2177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2177" + }, + { + "name": "http-cgi-bbs-forum(5906)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5906" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0130.json b/2001/0xxx/CVE-2001-0130.json index d6070056207..11c2a1a0336 100644 --- a/2001/0xxx/CVE-2001-0130.json +++ b/2001/0xxx/CVE-2001-0130.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html", - "refsource" : "MISC", - "url" : "http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html" - }, - { - "name" : "lotus-html-bo(6207)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote 
attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html", + "refsource": "MISC", + "url": "http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html" + }, + { + "name": "lotus-html-bo(6207)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6207" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0183.json b/2001/0xxx/CVE-2001-0183.json index 91452dcb5e3..0a56b1d12f3 100644 --- a/2001/0xxx/CVE-2001-0183.json +++ b/2001/0xxx/CVE-2001-0183.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010125 ecepass - proof of concept code for FreeBSD ipfw bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.security-express.com/archives/bugtraq/2001-01/0424.html" - }, - { - "name" : "FreeBSD-SA-01:08", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc" - }, - { - "name" : "L-029", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-029.shtml" - }, - { - "name" : "2293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2293" - }, - { - "name" : "1743", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1743" - }, - { - "name" : "ipfw-bypass-firewall(5998)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/5998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2293" + }, + { + "name": "L-029", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-029.shtml" + }, + { + "name": "20010125 ecepass - proof of concept code for FreeBSD ipfw bypass", + "refsource": "BUGTRAQ", + "url": "http://www.security-express.com/archives/bugtraq/2001-01/0424.html" + }, + { + "name": "ipfw-bypass-firewall(5998)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5998" + }, + { + "name": "FreeBSD-SA-01:08", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc" + }, + { + "name": "1743", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1743" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0529.json b/2001/0xxx/CVE-2001-0529.json index b76397507d5..a96fe6a482a 100644 --- a/2001/0xxx/CVE-2001-0529.json +++ b/2001/0xxx/CVE-2001-0529.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010604 SSH allows deletion of other users files...", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html" - }, - { - "name" : "20010604 Re: SSH allows deletion of other users files...", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html" - }, - { - "name" : "20010605 OpenSSH_2.5.2p2 RH7.0 <- version info", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/188737" - }, - { - "name" : "NetBSD-SA2001-010", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc" - }, - { - "name" : "CSSA-2001-023.0", - "refsource" : "CALDERA", - "url" : 
"http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt" - }, - { - "name" : "VU#655259", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/655259" - }, - { - "name" : "20010612", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata29.html" - }, - { - "name" : "IMNX-2001-70-034-01", - "refsource" : "IMMUNIX", - "url" : "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01" - }, - { - "name" : "CLA-2001:431", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431" - }, - { - "name" : "2825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2825" - }, - { - "name" : "openssh-symlink-file-deletion(6676)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6676" - }, - { - "name" : "1853", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IMNX-2001-70-034-01", + "refsource": "IMMUNIX", + "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01" + }, + { + "name": "openssh-symlink-file-deletion(6676)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6676" + }, + { + "name": "20010612", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata29.html" + }, + { + "name": "20010604 SSH allows deletion of other users files...", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html" + }, + { + "name": "20010604 Re: SSH allows deletion of other users files...", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html" + }, + { + "name": "20010605 OpenSSH_2.5.2p2 RH7.0 <- version info", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/188737" + }, + { + "name": "NetBSD-SA2001-010", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc" + }, + { + "name": "CSSA-2001-023.0", + "refsource": "CALDERA", + "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt" + }, + { + "name": "VU#655259", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/655259" + }, + { + "name": "2825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2825" + }, + { + "name": "1853", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1853" + }, + { + "name": "CLA-2001:431", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0706.json b/2001/0xxx/CVE-2001-0706.json index 42441fcba66..77a1919b6e3 100644 
--- a/2001/0xxx/CVE-2001-0706.json
+++ b/2001/0xxx/CVE-2001-0706.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010612 Rumpus FTP DoS vol. 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/190932" - }, - { - "name" : "rumpus-ftp-directory-dos(6699)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6699" - }, - { - "name" : "2864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010612 Rumpus FTP DoS vol. 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/190932" + }, + { + "name": "rumpus-ftp-directory-dos(6699)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6699" + }, + { + "name": "2864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2864" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0919.json b/2001/0xxx/CVE-2001-0919.json index 70b5d3d4e63..789ddd16b2f 100644 --- a/2001/0xxx/CVE-2001-0919.json +++ b/2001/0xxx/CVE-2001-0919.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.50.4134.0100 on Windows ME with \"Prompt to allow cookies to be stored on your machine\" enabled does not warn a user when a cookie is set using Javascript." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011126 Javascript can bypass user preference for cookie prompt in IE5.50.4134.0100", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100679857614967&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.50.4134.0100 on Windows ME with \"Prompt to allow cookies to be stored on your machine\" enabled does not warn a user when a cookie is set using Javascript." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011126 Javascript can bypass user preference for cookie prompt in IE5.50.4134.0100", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100679857614967&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0980.json b/2001/0xxx/CVE-2001-0980.json index 4ad71b9ab4f..8eb66d1f0c8 100644 --- a/2001/0xxx/CVE-2001-0980.json +++ b/2001/0xxx/CVE-2001-0980.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CSSA-2001-026.0", - "refsource" : "CALDERA", - "url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt" - }, - { - "name" : "docview-httpd-command-execution(6854)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6854" - }, - { - "name" : "3052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "docview-httpd-command-execution(6854)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6854" + }, + { + "name": "CSSA-2001-026.0", + "refsource": "CALDERA", + "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt" + }, + { + "name": "3052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3052" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2041.json b/2006/2xxx/CVE-2006-2041.json index e2df04964f8..f933dadd47f 100644 --- a/2006/2xxx/CVE-2006-2041.json +++ b/2006/2xxx/CVE-2006-2041.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-1515", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1515" - }, - { - "name" : "19801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19801" - }, - { - "name" : "phpwebgallery-picture-bypass-security(26079)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without 
specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19801" + }, + { + "name": "ADV-2006-1515", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1515" + }, + { + "name": "phpwebgallery-picture-bypass-security(26079)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26079" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2138.json b/2006/2xxx/CVE-2006-2138.json index 964d3a6da0f..e0103f39ea7 100644 --- a/2006/2xxx/CVE-2006-2138.json +++ b/2006/2xxx/CVE-2006-2138.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060428 Neomail.pl Local Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432398/100/0/threaded" - }, - { - "name" : "http://www.aria-security.net/hm/neomail.txt", - "refsource" : "MISC", - "url" : "http://www.aria-security.net/hm/neomail.txt" - }, - { - "name" : "17728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17728" - }, - { - "name" : "ADV-2006-1590", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1590" - }, - { - "name" : "19906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19906" - }, - { - "name" : "827", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/827" - }, - { - "name" : 
"neomail-sessionid-xss(26127)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060428 Neomail.pl Local Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432398/100/0/threaded" + }, + { + "name": "http://www.aria-security.net/hm/neomail.txt", + "refsource": "MISC", + "url": "http://www.aria-security.net/hm/neomail.txt" + }, + { + "name": "neomail-sessionid-xss(26127)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26127" + }, + { + "name": "827", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/827" + }, + { + "name": "17728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17728" + }, + { + "name": "19906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19906" + }, + { + "name": "ADV-2006-1590", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1590" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2449.json b/2006/2xxx/CVE-2006-2449.json index 4161d7cd339..f9536dbb04c 100644 --- a/2006/2xxx/CVE-2006-2449.json +++ b/2006/2xxx/CVE-2006-2449.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060614 [KDE Security Advisory] KDM symlink attack vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437133/100/0/threaded" - }, - { - "name" : "20060615 rPSA-2006-0106-1 kdebase", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437322/100/0/threaded" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20060614-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20060614-1.txt" - }, - { - "name" : "DSA-1156", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1156" - }, - { - "name" : "GLSA-200606-23", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-23.xml" - }, - { - 
"name" : "MDKSA-2006:105", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:105" - }, - { - "name" : "MDKSA-2006:106", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:106" - }, - { - "name" : "RHSA-2006:0548", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0548.html" - }, - { - "name" : "SSA:2006-178-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.444467" - }, - { - "name" : "SUSE-SA:2006:039", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_39_kdm.html" - }, - { - "name" : "USN-301-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/301-1/" - }, - { - "name" : "18431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18431" - }, - { - "name" : "oval:org.mitre.oval:def:9844", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9844" - }, - { - "name" : "ADV-2006-2355", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2355" - }, - { - "name" : "26511", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26511" - }, - { - "name" : "1016297", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016297" - }, - { - "name" : "20602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20602" - }, - { - "name" : "20660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20660" - }, - { - "name" : "20674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20674" - }, - { - "name" : "20702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20702" - }, - { - "name" : "20785", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20785" - }, - { - "name" : "20869", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/20869" - }, - { - "name" : "20890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20890" - }, - { - "name" : "21662", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21662" - }, - { - "name" : "kde-kdm-symlink(27181)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21662", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21662" + }, + { + "name": "20890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20890" + }, + { + "name": "20674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20674" + }, + { + "name": "26511", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26511" + }, + { + "name": "20702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20702" + }, + { + "name": "RHSA-2006:0548", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0548.html" + }, + { + "name": "1016297", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016297" + }, + { + "name": "MDKSA-2006:106", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:106" + }, + { + "name": "USN-301-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/301-1/" + }, + { + "name": "20602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20602" + }, + { + "name": 
"kde-kdm-symlink(27181)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27181" + }, + { + "name": "20869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20869" + }, + { + "name": "oval:org.mitre.oval:def:9844", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9844" + }, + { + "name": "ADV-2006-2355", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2355" + }, + { + "name": "20660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20660" + }, + { + "name": "DSA-1156", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1156" + }, + { + "name": "20060614 [KDE Security Advisory] KDM symlink attack vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437133/100/0/threaded" + }, + { + "name": "SUSE-SA:2006:039", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_39_kdm.html" + }, + { + "name": "http://www.kde.org/info/security/advisory-20060614-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20060614-1.txt" + }, + { + "name": "GLSA-200606-23", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-23.xml" + }, + { + "name": "SSA:2006-178-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.444467" + }, + { + "name": "20785", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20785" + }, + { + "name": "MDKSA-2006:105", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:105" + }, + { + "name": "20060615 rPSA-2006-0106-1 kdebase", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437322/100/0/threaded" + }, + { + "name": "18431", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/18431" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2482.json b/2006/2xxx/CVE-2006-2482.json index 98127165902..ae095e0080c 100644 --- a/2006/2xxx/CVE-2006-2482.json +++ b/2006/2xxx/CVE-2006-2482.json 
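Review bot: The `ASSIGNER` field changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, which is a provenance change to the record and not formatting; the rest of the hunk is whitespace normalisation and reference reordering. The same kind of change appears in the CVE-2006-2482 hunk (`"ASSIGNER": "PSIRT-CNA@flexerasoftware.com"`) and the CVE-2011-2119 hunk (`"ASSIGNER": "psirt@adobe.com"`), while the other records visible here keep `cve@mitre.org`. Consumers that attribute or filter records by assigner will see different results, so the reassignments should go in their own commit or be listed explicitly in the commit description, where they can be audited against the CNA's actual scope. Nothing visible in the diff says whether the reassignment is intentional.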
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-2482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-50/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-50/advisory/" - }, - { - "name" : "http://secunia.com/secunia_research/2006-72/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-72/advisory/" - }, - { - "name" : "19884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19884" - }, - { - "name" : "ADV-2006-3495", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3495" - }, - { - "name" 
: "ADV-2007-0235", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0235" - }, - { - "name" : "20270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20270" - }, - { - "name" : "21458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21458" - }, - { - "name" : "tziptv-arj-header-bo(28785)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19884" + }, + { + "name": "ADV-2007-0235", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0235" + }, + { + "name": "ADV-2006-3495", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3495" + }, + { + "name": "http://secunia.com/secunia_research/2006-50/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-50/advisory/" + }, + { + "name": "21458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21458" + }, + { + "name": "20270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20270" + }, + { + "name": "http://secunia.com/secunia_research/2006-72/advisory/", + "refsource": "MISC", + "url": 
"http://secunia.com/secunia_research/2006-72/advisory/" + }, + { + "name": "tziptv-arj-header-bo(28785)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28785" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2570.json b/2006/2xxx/CVE-2006-2570.json index 6ba321b62b0..fd6600716ea 100644 --- a/2006/2xxx/CVE-2006-2570.json +++ b/2006/2xxx/CVE-2006-2570.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[\"CLPath\"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1809", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1809" - }, - { - "name" : "18076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18076" - }, - { - "name" : "calogic-reconfig-srxclr-file-include(26590)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the 
GLOBALS[\"CLPath\"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18076" + }, + { + "name": "1809", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1809" + }, + { + "name": "calogic-reconfig-srxclr-file-include(26590)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26590" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2583.json b/2006/2xxx/CVE-2006-2583.json index f818d1fc495..c8b10e75473 100644 --- a/2006/2xxx/CVE-2006-2583.json +++ b/2006/2xxx/CVE-2006-2583.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060523 Nucleus CMS <= 3.22 arbitrary remote inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434837/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/nucleus_322_incl_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/nucleus_322_incl_xpl.html" - }, - { - "name" : "http://www.nucleuscms.org/item/3038", - "refsource" : "CONFIRM", - "url" : "http://www.nucleuscms.org/item/3038" - }, - { - "name" : "http://forum.nucleuscms.org/viewtopic.php?t=12304", - "refsource" : "CONFIRM", - "url" : "http://forum.nucleuscms.org/viewtopic.php?t=12304" - }, - { - "name" : "18097", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/18097" - }, - { - "name" : "ADV-2006-1936", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1936" - }, - { - "name" : "25749", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25749" - }, - { - "name" : "1016146", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016146" - }, - { - "name" : "20219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20219" - }, - { - "name" : "951", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/951" - }, - { - "name" : "nucleus-dirlibs-file-include(26606)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20219" + }, + { + "name": "951", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/951" + }, + { + "name": "http://www.nucleuscms.org/item/3038", + "refsource": "CONFIRM", + "url": "http://www.nucleuscms.org/item/3038" + }, + { + "name": "20060523 Nucleus CMS <= 3.22 arbitrary remote inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434837/100/0/threaded" + }, + { + "name": "http://retrogod.altervista.org/nucleus_322_incl_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/nucleus_322_incl_xpl.html" + }, + { + "name": "nucleus-dirlibs-file-include(26606)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26606" + }, + { + "name": "1016146", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016146" + }, + { + "name": "ADV-2006-1936", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1936" + }, + { + "name": "18097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18097" + }, + { + "name": "http://forum.nucleuscms.org/viewtopic.php?t=12304", + "refsource": "CONFIRM", + "url": "http://forum.nucleuscms.org/viewtopic.php?t=12304" + }, + { + "name": "25749", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25749" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5575.json b/2008/5xxx/CVE-2008-5575.json index ecb0c1d8571..04fc3f6f0a0 100644 --- a/2008/5xxx/CVE-2008-5575.json +++ b/2008/5xxx/CVE-2008-5575.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081203 [HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498864/100/0/threaded" - }, - { - "name" : "32606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32606" - }, - { - "name" : "4752", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4752" - }, - { - "name" : "proclanmanager-phpsessid-session-hijacking(47036)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Pro 
Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32606" + }, + { + "name": "20081203 [HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498864/100/0/threaded" + }, + { + "name": "proclanmanager-phpsessid-session-hijacking(47036)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47036" + }, + { + "name": "4752", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4752" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5724.json b/2008/5xxx/CVE-2008-5724.json index 79c6eff5c04..68e5605b9e9 100644 --- a/2008/5xxx/CVE-2008-5724.json +++ b/2008/5xxx/CVE-2008-5724.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \\Device\\Epfw that overwrites portions of memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ntinternals.org/ntiadv0807/ntiadv0807.html", - "refsource" : "MISC", - "url" : "http://www.ntinternals.org/ntiadv0807/ntiadv0807.html" - }, - { - "name" : "http://www.eset.com/joomla/index.php?option=com_content&task=view&id=4113&Itemid=5", - "refsource" : "CONFIRM", - "url" : "http://www.eset.com/joomla/index.php?option=com_content&task=view&id=4113&Itemid=5" - }, - { - "name" : "32917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32917" - }, - { - "name" : "ADV-2008-3456", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3456" - }, - { - "name" : "33210", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/33210" - }, - { - "name" : "smart-security-epfw-privilege-escalation(47477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \\Device\\Epfw that overwrites portions of memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.eset.com/joomla/index.php?option=com_content&task=view&id=4113&Itemid=5", + "refsource": "CONFIRM", + "url": "http://www.eset.com/joomla/index.php?option=com_content&task=view&id=4113&Itemid=5" + }, + { + "name": "33210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33210" + }, + { + "name": "http://www.ntinternals.org/ntiadv0807/ntiadv0807.html", + "refsource": "MISC", + "url": "http://www.ntinternals.org/ntiadv0807/ntiadv0807.html" + }, + { + "name": "ADV-2008-3456", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3456" + }, + { + "name": "32917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32917" + }, + { + "name": "smart-security-epfw-privilege-escalation(47477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47477" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5846.json b/2008/5xxx/CVE-2008-5846.json index f57caae425f..22a4dbb7a32 100644 --- a/2008/5xxx/CVE-2008-5846.json +++ b/2008/5xxx/CVE-2008-5846.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \"system-wide entry listing screen.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.movabletype.org/mt_423_change_log.html", - "refsource" : "CONFIRM", - "url" : "http://www.movabletype.org/mt_423_change_log.html" - }, - { - "name" : "33133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33133" - }, - { - "name" : "mt-entrylistingscreen-security-bypass(47759)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access 
restrictions and publish posts via a \"system-wide entry listing screen.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.movabletype.org/mt_423_change_log.html", + "refsource": "CONFIRM", + "url": "http://www.movabletype.org/mt_423_change_log.html" + }, + { + "name": "33133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33133" + }, + { + "name": "mt-entrylistingscreen-security-bypass(47759)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2119.json b/2011/2xxx/CVE-2011-2119.json index 48687defe63..8f6528e78ad 100644 --- a/2011/2xxx/CVE-2011-2119.json +++ b/2011/2xxx/CVE-2011-2119.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2122." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html" - }, - { - "name" : "TA11-166A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified 
vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2122." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-17.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-17.html" + }, + { + "name": "TA11-166A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2300.json b/2011/2xxx/CVE-2011-2300.json index 22a3d0c01ed..758010f6801 100644 --- a/2011/2xxx/CVE-2011-2300.json +++ b/2011/2xxx/CVE-2011-2300.json 
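Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `psirt@adobe.com` inside a hunk that otherwise only rewrites whitespace (`"key" :` to `"key":`), so the one semantic change is easy to miss in review. Any consumer that keys on the assigner for attribution or routing sees a different value after this commit. It would be safer to land the formatting normalisation separately from data changes, or at least to state the reassignment in the commit message. The same applies to the hunks for CVE-2011-2300, CVE-2011-2481, CVE-2011-2684, CVE-2011-3227 and CVE-2011-3252, and several hunks in this diff also reorder `reference_data` entries with no visible sort key, which adds further noise around the real change.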
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "GLSA-201204-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-01.xml" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - }, - { - "name" : "oval:org.mitre.oval:def:13148", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13148" - }, - { - "name" : "1025805", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1025805" - }, - { - "name" : "48755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13148", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13148" + }, + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "GLSA-201204-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-01.xml" + }, + { + "name": "48755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48755" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + }, + { + "name": "1025805", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025805" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2385.json b/2011/2xxx/CVE-2011-2385.json index b82d7d09aa0..cb63afd2057 100644 --- a/2011/2xxx/CVE-2011-2385.json +++ b/2011/2xxx/CVE-2011-2385.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://otrs.org/advisory/OSA-2011-02-en/", - "refsource" : "CONFIRM", - "url" : "http://otrs.org/advisory/OSA-2011-02-en/" - }, - { - "name" : "48678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48678" - }, - { - "name" : "73885", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73885" - }, - { - "name" : "45227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45227" - }, - { - "name" : "otrs-iphonehandle-priv-escalation(68558)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68558" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73885", + "refsource": "OSVDB", + "url": "http://osvdb.org/73885" + }, + { + "name": "http://otrs.org/advisory/OSA-2011-02-en/", + "refsource": "CONFIRM", + "url": "http://otrs.org/advisory/OSA-2011-02-en/" + }, + { + "name": "otrs-iphonehandle-priv-escalation(68558)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68558" + }, + { + "name": "48678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48678" + }, + { + "name": "45227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45227" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2481.json b/2011/2xxx/CVE-2011-2481.json index b3040b56e43..e373b8c22cb 100644 --- a/2011/2xxx/CVE-2011-2481.json +++ b/2011/2xxx/CVE-2011-2481.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1137753", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1137753" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1138788", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1138788" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : 
"https://issues.apache.org/bugzilla/show_bug.cgi?id=51395", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=51395" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "49147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49147" - }, - { - "name" : "1025924", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025924" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1138788", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1138788" + }, + { + "name": "1025924", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025924" + }, + { + "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51395", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51395" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1137753", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1137753" + }, + { + "name": "49147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49147" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2609.json b/2011/2xxx/CVE-2011-2609.json index 9955e9cd8fa..cb22ee4099e 100644 --- a/2011/2xxx/CVE-2011-2609.json +++ b/2011/2xxx/CVE-2011-2609.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1150/" - }, - { - "name" : "http://www.opera.com/support/kb/view/995/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/995/" - }, - { - "name" : "48500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48500" - }, - { - "name" : "73485", - "refsource" : 
"OSVDB", - "url" : "http://www.osvdb.org/73485" - }, - { - "name" : "45060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45060" - }, - { - "name" : "opera-data-uris-xss(68322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opera-data-uris-xss(68322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68322" + }, + { + "name": "48500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48500" + }, + { + "name": "45060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45060" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1150/" + }, + { + "name": "http://www.opera.com/support/kb/view/995/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/995/" + }, + { + "name": "73485", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/73485" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1150/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1150/" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/2xxx/CVE-2011-2684.json b/2011/2xxx/CVE-2011-2684.json index 054687c59d2..e946b6ca1f2 100644 --- a/2011/2xxx/CVE-2011-2684.json +++ b/2011/2xxx/CVE-2011-2684.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140208 Fwd: Old CVE ids, public, but still", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/08/5" - }, - { - "name" : "http://www.openwall.com/lists/oss-security/2011/07/06/10", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/06/10" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370", - "refsource" : "MISC", - "url" : 
"https://bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2011-2684/", - "refsource" : "MISC", - "url" : "https://security-tracker.debian.org/tracker/CVE-2011-2684/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140208 Fwd: Old CVE ids, public, but still", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/08/5" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/foo2zjs/+bug/805370" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633870" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2011/07/06/10", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2011/07/06/10" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2011-2684/", + "refsource": "MISC", + "url": "https://security-tracker.debian.org/tracker/CVE-2011-2684/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2975.json b/2011/2xxx/CVE-2011-2975.json index 838f6631f3d..b6aa887197f 100644 --- a/2011/2xxx/CVE-2011-2975.json +++ b/2011/2xxx/CVE-2011-2975.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes", - "refsource" : "MLIST", - "url" : "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html" - }, - { - "name" : "http://trac.osgeo.org/mapserver/ticket/3939", - "refsource" : "CONFIRM", - "url" : "http://trac.osgeo.org/mapserver/ticket/3939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service 
(application crash) or have unspecified other impact via crafted mapfile data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.osgeo.org/mapserver/ticket/3939", + "refsource": "CONFIRM", + "url": "http://trac.osgeo.org/mapserver/ticket/3939" + }, + { + "name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes", + "refsource": "MLIST", + "url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3227.json b/2011/3xxx/CVE-2011-3227.json index 326f23f0c37..eab2f131402 100644 --- a/2011/3xxx/CVE-2011-3227.json +++ b/2011/3xxx/CVE-2011-3227.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "50085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libsecurity in Apple Mac OS X before 10.7.2 does not 
properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "50085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50085" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3252.json b/2011/3xxx/CVE-2011-3252.json index 071865fdb33..0fe07020716 100644 --- a/2011/3xxx/CVE-2011-3252.json +++ b/2011/3xxx/CVE-2011-3252.json 
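Review bot: The `description` value on the new side still reads `(application crash) a crafted (1) web site or (2) e-mail message`, which appears to be missing the word `via` before `a crafted`. The old side has the same wording, so this is inherited rather than introduced here. Since the hunk rewrites the line anyway, the text could be corrected to `... or cause a denial of service (application crash) via a crafted (1) web site or (2) e-mail message.`, provided the upstream CVE record is corrected to match.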
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "76381", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76381" - }, - { - "name" : "oval:org.mitre.oval:def:16784", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "oval:org.mitre.oval:def:16784", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16784" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "76381", + "refsource": "OSVDB", + "url": "http://osvdb.org/76381" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3373.json b/2011/3xxx/CVE-2011-3373.json index 6de538beed2..34ba1c2389e 100644 --- a/2011/3xxx/CVE-2011-3373.json +++ b/2011/3xxx/CVE-2011-3373.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3373", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3373", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3422.json b/2011/3xxx/CVE-2011-3422.json index c68db7d84b1..c952ac39866 100644 --- a/2011/3xxx/CVE-2011-3422.json +++ b/2011/3xxx/CVE-2011-3422.json 
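Review bot: The new side of this file ends with `}` followed by `\ No newline at end of file`, so the rewrite drops the trailing newline that the old file had. Every other hunk in this part of the diff ends the same way, which suggests the serializer writes the document without a final line feed. Emit a newline after the closing `}` so that line-oriented tooling and concatenation behave predictably, and so the next edit to these records does not show a spurious change on the last line.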
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates", - "refsource" : "MISC", - "url" : "http://www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "49429", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/49429" - }, - { - "name" : "1026002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026002" - }, - { - "name" : "macos-keychain-sec-bypass(69556)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49429" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "1026002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026002" + }, + { + "name": "http://www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates", + "refsource": "MISC", + "url": "http://www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "macos-keychain-sec-bypass(69556)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69556" + } + ] + } +} \ No newline at end of file 
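Review bot: The six entries of `reference_data` are the same before and after, but they are written in a new order that follows neither `name`, `refsource` nor `url`. The BID entry `49429` now comes first and the computerworld.com `MISC` entry moved from first to fourth. No field value changes in this hunk, so the reorder only adds noise and makes it harder to confirm that no reference was added, dropped or altered. If the generator has no meaningful order to preserve, sort the array on a stable key such as `url` before serializing; otherwise keep the existing order. The hunks for CVE-2011-3252, CVE-2011-4028, CVE-2013-0162, CVE-2013-0337, CVE-2013-1800, CVE-2013-5091 and CVE-2013-5098 show the same reshuffling.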
diff --git a/2011/4xxx/CVE-2011-4028.json b/2011/4xxx/CVE-2011-4028.json index af87899a864..d92d05aa3a0 100644 --- a/2011/4xxx/CVE-2011-4028.json +++ b/2011/4xxx/CVE-2011-4028.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[xorg] 20111018 X.Org security advisory: xserver locking code issues", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg/2011-October/053680.html" - }, - { - "name" : "http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34" - }, - { - "name" : "RHSA-2012:0939", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0939.html" - }, - { - "name" : "46460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46460" - }, - { - "name" : "49579", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/49579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34" + }, + { + "name": "[xorg] 20111018 X.Org security advisory: xserver locking code issues", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg/2011-October/053680.html" + }, + { + "name": "46460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46460" + }, + { + "name": "RHSA-2012:0939", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0939.html" + }, + { + "name": "49579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49579" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0162.json b/2013/0xxx/CVE-2013-0162.json index 3accbc350cc..f97125815db 100644 --- a/2013/0xxx/CVE-2013-0162.json +++ b/2013/0xxx/CVE-2013-0162.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=892806", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=892806" - }, - { - "name" : "RHSA-2013:0544", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0544.html" - }, - { - "name" : "RHSA-2013:0548", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0548.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite 
arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=892806", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892806" + }, + { + "name": "RHSA-2013:0548", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html" + }, + { + "name": "RHSA-2013:0544", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0337.json b/2013/0xxx/CVE-2013-0337.json index 8a59a570b8b..1fdf749de03 100644 --- a/2013/0xxx/CVE-2013-0337.json +++ b/2013/0xxx/CVE-2013-0337.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130221 Re: CVE request: nginx world-readable logdir", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/22/1" - }, - { - "name" : "[oss-security] 20130221 nginx world-readable logdir", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/21/15" - }, - { - "name" : "[oss-security] 20130224 nginx CVE-2013-0337 world-readable logs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/24/1" - }, - { - "name" : "GLSA-201310-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201310-04.xml" - }, - { - "name" : "55181", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/55181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55181" + }, + { + "name": "[oss-security] 20130224 nginx CVE-2013-0337 world-readable logs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/24/1" + }, + { + "name": "[oss-security] 20130221 Re: CVE request: nginx world-readable logdir", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/22/1" + }, + { + "name": "GLSA-201310-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" + }, + { + "name": "[oss-security] 20130221 nginx world-readable logdir", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/21/15" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0480.json b/2013/0xxx/CVE-2013-0480.json index 2520840abc3..70cdfcaa2ec 100644 --- a/2013/0xxx/CVE-2013-0480.json +++ b/2013/0xxx/CVE-2013-0480.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0480", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0480", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0562.json b/2013/0xxx/CVE-2013-0562.json index 022b02f2ae2..0b38445ee90 100644 --- a/2013/0xxx/CVE-2013-0562.json +++ b/2013/0xxx/CVE-2013-0562.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0562", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0562", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0595.json b/2013/0xxx/CVE-2013-0595.json index b8e43a45d86..9153c81d408 100644 --- a/2013/0xxx/CVE-2013-0595.json +++ b/2013/0xxx/CVE-2013-0595.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21647740", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21647740" - }, - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21671622", - "refsource" : "CONFIRM", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21671622" - }, - { - "name" : "inotes-cve20130595-xss(83431)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities 
in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622" + }, + { + "name": "inotes-cve20130595-xss(83431)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83431" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1352.json b/2013/1xxx/CVE-2013-1352.json index 1e792474176..ffee5c4b83b 100644 --- a/2013/1xxx/CVE-2013-1352.json +++ b/2013/1xxx/CVE-2013-1352.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1460.json b/2013/1xxx/CVE-2013-1460.json index c65d9f6ec2a..a0393e59fbd 100644 --- a/2013/1xxx/CVE-2013-1460.json +++ b/2013/1xxx/CVE-2013-1460.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1460", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1460", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1607.json b/2013/1xxx/CVE-2013-1607.json index f0e80ec986d..bbb8477b160 100644 --- a/2013/1xxx/CVE-2013-1607.json +++ b/2013/1xxx/CVE-2013-1607.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1607", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1607", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1800.json b/2013/1xxx/CVE-2013-1800.json index 89254324de2..a5c12bab961 100644 --- a/2013/1xxx/CVE-2013-1800.json +++ b/2013/1xxx/CVE-2013-1800.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jnunemaker/crack/commit/e3da1212a1f84a898ee3601336d1dbbf118fb5f6", - "refsource" : "MISC", - "url" : "https://github.com/jnunemaker/crack/commit/e3da1212a1f84a898ee3601336d1dbbf118fb5f6" - }, - { - "name" : "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately", - "refsource" : "MISC", - "url" : 
"https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=804721", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=804721" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=917236", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=917236" - }, - { - "name" : "SUSE-SU-2013:0615", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00003.html" - }, - { - "name" : "52897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=917236", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917236" + }, + { + "name": "52897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52897" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=804721", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=804721" + }, + { + "name": "SUSE-SU-2013:0615", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00003.html" + }, + { + "name": "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately", + "refsource": "MISC", + "url": "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately" + }, + { + "name": "https://github.com/jnunemaker/crack/commit/e3da1212a1f84a898ee3601336d1dbbf118fb5f6", + "refsource": "MISC", + "url": "https://github.com/jnunemaker/crack/commit/e3da1212a1f84a898ee3601336d1dbbf118fb5f6" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5091.json b/2013/5xxx/CVE-2013-5091.json index c28951b14a9..16a0006afa4 100644 --- a/2013/5xxx/CVE-2013-5091.json +++ b/2013/5xxx/CVE-2013-5091.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130918 SQL Injection in vtiger CRM", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0079.html" - }, - { - "name" : "28409", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/28409" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23168", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23168" - }, - { - "name" : "http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.4.0/Core%20Product/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.4.0/Core%20Product/" - }, - { - "name" 
: "76138", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130918 SQL Injection in vtiger CRM", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0079.html" + }, + { + "name": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.4.0/Core%20Product/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.4.0/Core%20Product/" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23168", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23168" + }, + { + "name": "76138", + "refsource": "OSVDB", + "url": "http://osvdb.org/76138" + }, + { + "name": "28409", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/28409" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5098.json b/2013/5xxx/CVE-2013-5098.json index 69973d51e4a..9f157d30306 100644 --- a/2013/5xxx/CVE-2013-5098.json +++ b/2013/5xxx/CVE-2013-5098.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plugins.trac.wordpress.org/changeset/723187/download-monitor", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset/723187/download-monitor" - }, - { - "name" : "61407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61407" - }, - { - "name" : "53116", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53116" - }, - { - "name" : "wp-downloadmonitor-cve20133262-admin-xss(85921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://plugins.trac.wordpress.org/changeset/723187/download-monitor", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset/723187/download-monitor" + }, + { + "name": "wp-downloadmonitor-cve20133262-admin-xss(85921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85921" + }, + { + "name": "53116", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53116" + }, + { + "name": "61407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61407" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5605.json b/2013/5xxx/CVE-2013-5605.json index 9bdc6f1d64f..11a294439b4 100644 --- a/2013/5xxx/CVE-2013-5605.json +++ b/2013/5xxx/CVE-2013-5605.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-5605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=934016", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=934016" - }, - { - "name" : "https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes", - "refsource" : "CONFIRM", - "url" : 
"https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes" - }, - { - "name" : "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes", - "refsource" : "CONFIRM", - "url" : "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes" - }, - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "DSA-2800", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2013/dsa-2800" - }, - { - "name" : "GLSA-201406-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-19.xml" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2013:1840", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1840.html" - }, - { - "name" : "RHSA-2013:1841", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1841.html" - }, - { - "name" : "RHSA-2013:1791", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1791.html" - }, - { - "name" : "RHSA-2013:1829", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1829.html" - }, - { - "name" : "RHSA-2014:0041", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0041.html" - }, - { - "name" : "openSUSE-SU-2013:1730", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00078.html" - }, - { - "name" : "SUSE-SU-2013:1807", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html" - }, - { - "name" : "openSUSE-SU-2013:1732", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html" - }, - { - "name" : "USN-2030-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2030-1" - }, - { - "name" : "USN-2031-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2031-1" - }, - { - "name" : "USN-2032-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2032-1" - }, - { - "name" : "63738", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Network Security Services 
(NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "RHSA-2013:1840", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1840.html" + }, + { + "name": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes", + "refsource": "CONFIRM", + "url": "https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=934016", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934016" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "RHSA-2013:1841", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1841.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "openSUSE-SU-2013:1730", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00078.html" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "GLSA-201406-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-19.xml" + }, + { + "name": "USN-2030-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2030-1" + }, + { + "name": "USN-2031-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2031-1" + }, + { + "name": "USN-2032-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2032-1" + }, + { + "name": "RHSA-2013:1791", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html" + }, + { + "name": "https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes", + "refsource": "CONFIRM", + "url": "https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "SUSE-SU-2013:1807", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "DSA-2800", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2800" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "63738", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63738" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html" + }, + { + "name": "openSUSE-SU-2013:1732", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html" + }, + { + "name": "RHSA-2014:0041", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0041.html" + }, + { + "name": "RHSA-2013:1829", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5715.json b/2013/5xxx/CVE-2013-5715.json index ceac956f824..5c1c95762a9 100644 --- a/2013/5xxx/CVE-2013-5715.json +++ b/2013/5xxx/CVE-2013-5715.json 
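Review bot: `ASSIGNER` changes from `cve@mitre.org` to `security@mozilla.org` near the top of this hunk, and it is the only value change I can find in a hunk that otherwise only respaces lines and reorders the 28 references, so it is easy to miss. The field appears to record which CNA owns the entry, and consumers may rely on it for attribution, so the change deserves its own commit or an explicit line in the commit message if it does not already have one. The same pattern appears in the later hunks for CVE-2013-5887 (`secalert_us@oracle.com`), CVE-2014-2117 (`psirt@cisco.com`), CVE-2014-2629 (`hp-security-alert@hp.com`) and CVE-2014-2794 (`secure@microsoft.com`). In each of these records `vendor_name` and `product_name` remain `n/a` although the description names the vendor and product; populating them would make the entries usable for automated product matching.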
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://player.gomlab.com/eng/download/", - "refsource" : "CONFIRM", - "url" : "http://player.gomlab.com/eng/download/" - }, - { - "name" : "http://player.gomlab.com/eng/notice/view.gom?intseq=239", - "refsource" : "CONFIRM", - "url" : "http://player.gomlab.com/eng/notice/view.gom?intseq=239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://player.gomlab.com/eng/notice/view.gom?intseq=239", + "refsource": "CONFIRM", + "url": "http://player.gomlab.com/eng/notice/view.gom?intseq=239" + }, + { + "name": "http://player.gomlab.com/eng/download/", + "refsource": "CONFIRM", + "url": "http://player.gomlab.com/eng/download/" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5887.json b/2013/5xxx/CVE-2013-5887.json index 89502bdabe5..335a2ede370 100644 --- a/2013/5xxx/CVE-2013-5887.json +++ b/2013/5xxx/CVE-2013-5887.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" - }, - { - "name" : "HPSBUX02972", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "HPSBUX02973", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "SSRT101454", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "SSRT101455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "RHSA-2014:0030", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" - }, - { - "name" : "RHSA-2014:0134", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" - }, - { - "name" : "RHSA-2014:0135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2014:0246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" - }, - { - "name" : "SUSE-SU-2014:0266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" - }, - { - "name" : "SUSE-SU-2014:0451", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64875" - }, - { - "name" : "102013", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102013" - }, - { - "name" : "1029608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029608" - }, - { - "name" : "56485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56485" - }, - { - "name" : "56535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56535" - }, - { - "name" : "oracle-cpujan2014-cve20135887(90345)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-cpujan2014-cve20135887(90345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90345" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "SSRT101455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "RHSA-2014:0135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html" + }, + { + "name": "56535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56535" + }, + { + "name": "RHSA-2014:0030", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html" + }, + { + "name": "56485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56485" + }, + { + "name": "SSRT101454", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" + }, + { + "name": "102013", + "refsource": "OSVDB", + "url": "http://osvdb.org/102013" + }, + { + "name": "HPSBUX02972", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "SUSE-SU-2014:0451", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" + }, + { + "name": "HPSBUX02973", + "refsource": "HP", + "url": 
"http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "1029608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029608" + }, + { + "name": "SUSE-SU-2014:0266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" + }, + { + "name": "64875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64875" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "SUSE-SU-2014:0246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "RHSA-2014:0134", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2117.json b/2014/2xxx/CVE-2014-2117.json index ded63c24a71..62344d5b774 100644 --- a/2014/2xxx/CVE-2014-2117.json +++ b/2014/2xxx/CVE-2014-2117.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33642", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33642" - }, - { - "name" : "20140403 Cisco Emergency Responder Open Redirect Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2117" - }, - { - "name" : "66634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66634" - }, - { - "name" : "1030019", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33642", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33642" + }, + { + "name": "1030019", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030019" + }, + { + "name": "20140403 Cisco Emergency Responder Open Redirect Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2117" + }, + { + "name": "66634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66634" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2629.json b/2014/2xxx/CVE-2014-2629.json index 56121cd0d6b..c4dcadda215 100644 --- a/2014/2xxx/CVE-2014-2629.json +++ b/2014/2xxx/CVE-2014-2629.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on program access via vectors related to process-creation time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBNS03082", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=c04391893" - }, - { - "name" : "SSRT101655", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=c04391893" - }, - { - "name" : "69147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69147" - }, - { - "name" : "1030697", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030697" - }, - { - "name" : "59981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59981" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on program access via vectors related to process-creation time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030697", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030697" + }, + { + "name": "69147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69147" + }, + { + "name": "SSRT101655", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=c04391893" + }, + { + "name": "59981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59981" + }, + { + "name": "HPSBNS03082", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=c04391893" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2794.json b/2014/2xxx/CVE-2014-2794.json index 27632f5a62d..5943e8f4e73 100644 --- a/2014/2xxx/CVE-2014-2794.json +++ b/2014/2xxx/CVE-2014-2794.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2788." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" - }, - { - "name" : "68378", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68378" - }, - { - "name" : "1030532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030532" - }, - { - "name" : "59775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 and 7 
allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2788." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" + }, + { + "name": "59775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59775" + }, + { + "name": "1030532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030532" + }, + { + "name": "68378", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68378" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2989.json b/2014/2xxx/CVE-2014-2989.json index 96f86391dfb..066c76bdfb9 100644 --- a/2014/2xxx/CVE-2014-2989.json +++ b/2014/2xxx/CVE-2014-2989.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a request to Users/add." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23211", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23211" - }, - { - "name" : "67291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67291" - }, - { - "name" : "58539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create 
administrative accounts via a request to Users/add." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67291" + }, + { + "name": "58539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58539" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23211", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23211" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0358.json b/2017/0xxx/CVE-2017-0358.json index 173b1cf99c2..05579fff8e1 100644 --- a/2017/0xxx/CVE-2017-0358.json +++ b/2017/0xxx/CVE-2017-0358.json 
@@ -1,104 +1,104 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "DATE_PUBLIC" : "2017-02-01T05:44:00.000Z", - "ID" : "CVE-2017-0358", - "STATE" : "PUBLIC", - "TITLE" : "ntfs-3g: Modprobe influence vulnerability via environment variables" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ntfs-3g", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "ntfs-3g" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Jann Horn of Google Project Zero" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "DATE_PUBLIC": "2017-02-01T05:44:00.000Z", + "ID": "CVE-2017-0358", + "STATE": "PUBLIC", + "TITLE": "ntfs-3g: Modprobe influence vulnerability via environment variables" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ntfs-3g", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "ntfs-3g" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41240", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41240/" - }, - { - "name" : "41356", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41356/" - }, - { - "name" : "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", - "refsource" : "MLIST", - "url" : "https://marc.info/?l=oss-security&m=148594671929354&w=2" - }, - { - "name" : "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/04/1" - }, - { - "name" : "DSA-3780", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3780" - }, - { - "name" : "GLSA-201702-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-10" - }, - { - "name" : "95987", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95987" - } - ] - }, - "source" : { - "advisory" : "https://marc.info/?l=oss-security&m=148594671929354&w=2", - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Jann Horn of Google Project Zero" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-10" + }, + { + "name": "DSA-3780", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3780" + }, + { + "name": "41240", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41240/" + }, + { + "name": "41356", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41356/" + }, + { + "name": "95987", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95987" + }, + { + "name": "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", + "refsource": "MLIST", + "url": "https://marc.info/?l=oss-security&m=148594671929354&w=2" + }, + { + "name": "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/04/1" + } + ] + }, + "source": { + "advisory": "https://marc.info/?l=oss-security&m=148594671929354&w=2", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0519.json b/2017/0xxx/CVE-2017-0519.json index ac612a6ffcf..bcdc017ea93 100644 --- a/2017/0xxx/CVE-2017-0519.json +++ b/2017/0xxx/CVE-2017-0519.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32372915. References: QC-CR#1086530." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96950" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32372915. References: QC-CR#1086530." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96950" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000105.json b/2017/1000xxx/CVE-2017-1000105.json index a3b6d01f62c..cb787011445 100644 --- a/2017/1000xxx/CVE-2017-1000105.json +++ b/2017/1000xxx/CVE-2017-1000105.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.319911", - "ID" : "CVE-2017-1000105", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Blue Ocean Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.1.5 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Blue Ocean Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.319911", + "ID": "CVE-2017-1000105", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-08-07/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-08-07/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The optional Run/Artifacts permission can be enabled by setting a Java system property. 
Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-08-07/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-08-07/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12206.json b/2017/12xxx/CVE-2017-12206.json index 011998872f7..abe924bcc42 100644 --- a/2017/12xxx/CVE-2017-12206.json +++ b/2017/12xxx/CVE-2017-12206.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12206", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12206", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12618.json b/2017/12xxx/CVE-2017-12618.json index dc97871780b..ea88f035d32 100644 --- a/2017/12xxx/CVE-2017-12618.json +++ b/2017/12xxx/CVE-2017-12618.json 
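Review bot: The new side of CVE-2017-1000105.json replaces populated fields with `n/a`: `product_name` and `vendor_name` go from `Jenkins Blue Ocean Plugin` to `n/a`, `version_value` from `1.1.5 and earlier` to `n/a`, and the problemtype value from `Incorrect Access Control` to `n/a`. `ASSIGNER` also changes from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org`. In a commit that otherwise only changes formatting this looks like an unintended regression, perhaps from regenerating the record from a different source. Consumers that match on affected product or version would no longer match this record. Keep the old values, e.g. `"product_name": "Jenkins Blue Ocean Plugin"` and `"version_value": "1.1.5 and earlier"`, unless the removal is deliberate and explained in the commit message.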
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-12618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Portable Runtime", - "version" : { - "version_data" : [ - { - "version_value" : "1.6.0 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-12618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Portable Runtime", + "version": { + "version_data": [ + { + "version_value": "1.6.0 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E" - }, - { - "name" : "[debian-lts-announce] 20171106 [SECURITY] [DLA 1163-1] apr-util security update", - "refsource" : "MLIST", - "url" : 
"https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html" - }, - { - "name" : "101558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101558" - }, - { - "name" : "1042004", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1163-1] apr-util security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html" + }, + { + "name": "1042004", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042004" + }, + { + "name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E" + }, + { + "name": "101558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101558" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12707.json b/2017/12xxx/CVE-2017-12707.json index 266bda1cea6..27cf83915a6 100644 --- a/2017/12xxx/CVE-2017-12707.json +++ b/2017/12xxx/CVE-2017-12707.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-12707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SpiderControl SCADA MicroBrowser", - "version" : { - "version_data" : [ - { - "version_value" : "SpiderControl SCADA MicroBrowser" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-12707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SpiderControl SCADA MicroBrowser", + "version": { + "version_data": [ + { + "version_value": "SpiderControl SCADA MicroBrowser" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02" - }, - { - "name" : "100453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. 
Opening a maliciously crafted html file may cause a stack overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02" + }, + { + "name": "100453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100453" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16130.json b/2017/16xxx/CVE-2017-16130.json index 1e6b6b4b246..d101290f54d 100644 --- a/2017/16xxx/CVE-2017-16130.json +++ b/2017/16xxx/CVE-2017-16130.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "exxxxxxxxxxx node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "exxxxxxxxxxx node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/exxxxxxxxxxx", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/exxxxxxxxxxx" - }, - { - "name" : "https://nodesecurity.io/advisories/478", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/478", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/478" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/exxxxxxxxxxx", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/exxxxxxxxxxx" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16337.json b/2017/16xxx/CVE-2017-16337.json index b42f3a5c980..244b67044ff 100644 --- a/2017/16xxx/CVE-2017-16337.json +++ b/2017/16xxx/CVE-2017-16337.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-06-19T00:00:00", - "ID" : "CVE-2017-16337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Insteon Hub 2245-222", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware version 1012" - } - ] - } - } - ] - }, - "vendor_name" : "Insteon" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-06-19T00:00:00", + "ID": "CVE-2017-16337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Insteon Hub 2245-222", + "version": { + "version_data": [ + { + "version_value": "Firmware version 1012" + } + ] + } + } + ] + }, + "vendor_name": "Insteon" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0483", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/16xxx/CVE-2017-16991.json b/2017/16xxx/CVE-2017-16991.json index 674fad79579..60863c95071 100644 --- a/2017/16xxx/CVE-2017-16991.json +++ b/2017/16xxx/CVE-2017-16991.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16991", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16991", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4197.json b/2017/4xxx/CVE-2017-4197.json index 1b32fc2184e..dde782f5699 100644 --- a/2017/4xxx/CVE-2017-4197.json +++ b/2017/4xxx/CVE-2017-4197.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4197",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4197",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4598.json b/2017/4xxx/CVE-2017-4598.json
index 493e4115d32..197f541b5c6 100644
--- a/2017/4xxx/CVE-2017-4598.json
+++ b/2017/4xxx/CVE-2017-4598.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4598",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4598",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4722.json b/2017/4xxx/CVE-2017-4722.json
index 3cba2c3ce54..19eb748f7d2 100644
--- a/2017/4xxx/CVE-2017-4722.json
+++ b/2017/4xxx/CVE-2017-4722.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4722",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4722",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4793.json b/2017/4xxx/CVE-2017-4793.json
index 22e9392c373..d4b674ec74f 100644
--- a/2017/4xxx/CVE-2017-4793.json
+++ b/2017/4xxx/CVE-2017-4793.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4793",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4793",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4968.json b/2017/4xxx/CVE-2017-4968.json
index a877294b55e..dc3330a16c3 100644
--- a/2017/4xxx/CVE-2017-4968.json
+++ b/2017/4xxx/CVE-2017-4968.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4968",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4968",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5100.json b/2018/5xxx/CVE-2018-5100.json
index 7cd79882f1f..928228b5c5f 100644
--- a/2018/5xxx/CVE-2018-5100.json
+++ b/2018/5xxx/CVE-2018-5100.json
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "58" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur when arguments passed to the \"IsPotentiallyScrollable\" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free when IsPotentiallyScrollable arguments are freed from memory" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "58" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1417405", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1417405" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/" - }, - { - "name" : "USN-3544-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3544-1/" - }, - { - "name" : "102786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102786" - }, 
- { - "name" : "1040270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur when arguments passed to the \"IsPotentiallyScrollable\" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free when IsPotentiallyScrollable arguments are freed from memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040270" + }, + { + "name": "USN-3544-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3544-1/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1417405", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1417405" + }, + { + "name": "102786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102786" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5214.json b/2018/5xxx/CVE-2018-5214.json index b1d256bf73c..9856d8673b3 100644 --- a/2018/5xxx/CVE-2018-5214.json +++ b/2018/5xxx/CVE-2018-5214.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Add Link to Facebook\" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Add-Link-to-Facebook.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Add-Link-to-Facebook.md" - }, - { - "name" : "https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-add-link-to-facebook/", - "refsource" : "MISC", - "url" : "https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-add-link-to-facebook/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Add Link to Facebook\" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-add-link-to-facebook/", + "refsource": "MISC", + "url": "https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-add-link-to-facebook/" + }, + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Add-Link-to-Facebook.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Add-Link-to-Facebook.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5401.json b/2018/5xxx/CVE-2018-5401.json index e65a27b3c89..bab05806aca 100644 --- a/2018/5xxx/CVE-2018-5401.json +++ b/2018/5xxx/CVE-2018-5401.json 
@@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "DATE_PUBLIC" : "2018-10-01T04:00:00.000Z", - "ID" : "CVE-2018-5401", - "STATE" : "PUBLIC", - "TITLE" : "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DCU-210E ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "ARMv7", - "version_name" : "3.7", - "version_value" : "3.7" - } - ] - } - }, - { - "product_name" : "RP-210E", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "ARMv7", - "version_name" : "3.7", - "version_value" : "3.7" - } - ] - } - }, - { - "product_name" : "Marine Pro Observer Android App", - "version" : { - "version_data" : [ - { - "affected" : "?", - "platform" : "android", - "version_value" : "0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Auto-Maskin" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. 
Versions prior to 3.7 on ARMv7." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 9.1, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-319: Cleartext Transmission of Sensitive Information" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2018-10-01T04:00:00.000Z", + "ID": "CVE-2018-5401", + "STATE": "PUBLIC", + "TITLE": "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DCU-210E ", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "ARMv7", + "version_name": "3.7", + "version_value": "3.7" + } + ] + } + }, + { + "product_name": "RP-210E", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "ARMv7", + "version_name": "3.7", + "version_value": "3.7" + } + ] + } + }, + { + "product_name": "Marine Pro Observer Android App", + "version": { + "version_data": [ + { + "affected": "?", + "platform": "android", + "version_value": "0.1" + } + ] + } + } + ] + }, + "vendor_name": "Auto-Maskin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#176301", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/176301" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The devices should implement Modbus TCP Security Protocol (v21, 2018) per Modbus specifications over 
port 802 TCP, for Modbus TCP with encryption and authentication. \n" - } - ], - "source" : { - "discovery" : "EXTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319: Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#176301", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/176301" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The devices should implement Modbus TCP Security Protocol (v21, 2018) per Modbus specifications over port 802 TCP, for Modbus TCP with encryption and authentication. \n" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5762.json b/2018/5xxx/CVE-2018-5762.json index bcf55a081d2..e9b202eff5e 100644 --- a/2018/5xxx/CVE-2018-5762.json +++ b/2018/5xxx/CVE-2018-5762.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=46", - "refsource" : "CONFIRM", - "url" : "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=46" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS 
ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=46", + "refsource": "CONFIRM", + "url": "https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=46" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5988.json b/2018/5xxx/CVE-2018-5988.json index 3deae83a466..02b9117910c 100644 --- a/2018/5xxx/CVE-2018-5988.json +++ b/2018/5xxx/CVE-2018-5988.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43869", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43869/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43869", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43869/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5997.json b/2018/5xxx/CVE-2018-5997.json index 1127cecbe4e..6c8ab7c1903 100644 
--- a/2018/5xxx/CVE-2018-5997.json
+++ b/2018/5xxx/CVE-2018-5997.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43871", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43871/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43871", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43871/" + } + ] + } +} \ No newline at end of file