diff --git a/2001/0xxx/CVE-2001-0044.json b/2001/0xxx/CVE-2001-0044.json index dfc20f6f079..c9d5ed557e8 100644 --- a/2001/0xxx/CVE-2001-0044.json +++ b/2001/0xxx/CVE-2001-0044.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Lexmark MarkVision printer driver programs allows local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001206 (SRADV00007) Local root compromise through Lexmark MarkVision printer drivers", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0064.html" - }, - { - "name" : "2075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2075" - }, - { - "name" : "markvision-printer-driver-bo(5651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Lexmark MarkVision printer driver programs allows local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001206 (SRADV00007) Local root compromise through Lexmark MarkVision printer drivers", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0064.html" + }, + { + "name": "markvision-printer-driver-bo(5651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5651" + }, + { + "name": "2075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2075" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0106.json b/2001/0xxx/CVE-2001-0106.json index d42f68c0ffb..b04f276e958 100644 --- a/2001/0xxx/CVE-2001-0106.json +++ b/2001/0xxx/CVE-2001-0106.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the \"swait\" state is used by a server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0101-136", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q1/0009.html" - }, - { - "name" : "hp-inetd-swait-dos(5904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the \"swait\" state is used by a server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX0101-136", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q1/0009.html" + }, + { + "name": "hp-inetd-swait-dos(5904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5904" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0457.json b/2001/0xxx/CVE-2001-0457.json index 06317aec3df..b4236fff7ae 100644 --- a/2001/0xxx/CVE-2001-0457.json +++ b/2001/0xxx/CVE-2001-0457.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-035", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-035" - }, - { - "name" : "man2html-remote-dos(6211)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6211" - }, - { - "name" : "5631", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "man2html-remote-dos(6211)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6211" + }, + { + "name": "5631", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5631" + }, + { + "name": "DSA-035", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-035" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1145.json b/2001/1xxx/CVE-2001-1145.json index 83d167fc20b..cffda0bd05e 100644 --- a/2001/1xxx/CVE-2001-1145.json +++ b/2001/1xxx/CVE-2001-1145.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "NetBSD-SA2001-016", - "refsource" : "NETBSD", - "url" : "http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html" - }, - { - "name" : "FreeBSD-SA-01:40", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc" - }, - { - "name" : "20010530 029: SECURITY FIX: May 30, 2001", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata28.html" - }, - { - "name" : "3205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3205" - }, - { - "name" : "bsd-fts-race-condition(8715)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8715.php" - }, - { - "name" : "5466", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-01:40", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc" + }, + { + "name": "5466", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5466" + }, + { + "name": "3205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3205" + }, + { + "name": "20010530 029: SECURITY FIX: May 30, 2001", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata28.html" + }, + { + "name": "NetBSD-SA2001-016", + "refsource": "NETBSD", + "url": "http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html" + }, + { + "name": "bsd-fts-race-condition(8715)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8715.php" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1501.json b/2001/1xxx/CVE-2001-1501.json index c7b34f88db4..d116a7a5064 100644 --- a/2001/1xxx/CVE-2001-1501.json +++ b/2001/1xxx/CVE-2001-1501.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) \"*/..\", (2) \"*/.*\", or (3) \".*./*?/\" sequences in the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010315 [SECURITY] DoS vulnerability in ProFTPD", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/169395" - }, - { - "name" : "CLA-2002:450", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450" - }, - { - "name" : "MDKSA-2002:005", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) \"*/..\", (2) \"*/.*\", or (3) \".*./*?/\" sequences in the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2002:005", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005" + }, + { + "name": "CLA-2002:450", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450" + }, + { + "name": "20010315 [SECURITY] DoS vulnerability in ProFTPD", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/169395" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2218.json b/2006/2xxx/CVE-2006-2218.json index 77fbd2c8621..12ca608dfb1 100644 --- a/2006/2xxx/CVE-2006-2218.json +++ b/2006/2xxx/CVE-2006-2218.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \"exceptional conditions\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060614 Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437099/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-41/advisory", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-41/advisory" - }, - { - "name" : "MS06-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" - }, - { - "name" : "TA06-164A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" - }, - { - "name" : "VU#338828", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/338828" - }, - { - "name" : "17820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17820" - }, - { - "name" : "ADV-2006-2319", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2319" - }, - { - "name" : "27475", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27475" - }, - { - "name" : "oval:org.mitre.oval:def:1078", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078" - }, - { - "name" : "oval:org.mitre.oval:def:1728", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728" - }, - { - "name" : "oval:org.mitre.oval:def:1765", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765" - }, - { - "name" : "oval:org.mitre.oval:def:1768", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768" - }, - { - "name" : "oval:org.mitre.oval:def:1845", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845" - }, - { - "name" : "oval:org.mitre.oval:def:1961", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961" - }, - { - "name" : "1016291", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016291" - }, - { - "name" : "19762", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \"exceptional conditions\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1768", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768" + }, + { + "name": "oval:org.mitre.oval:def:1961", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961" + }, + { + "name": "http://secunia.com/secunia_research/2006-41/advisory", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-41/advisory" + }, + { + "name": "ADV-2006-2319", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2319" + }, + { + "name": "1016291", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016291" + }, + { + "name": "TA06-164A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" + }, + { + "name": "20060614 Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437099/100/0/threaded" + }, + { + "name": "17820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17820" + }, + { + "name": "oval:org.mitre.oval:def:1078", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078" + }, + { + "name": "27475", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27475" + }, + { + "name": "oval:org.mitre.oval:def:1845", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845" + }, + { + "name": "VU#338828", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/338828" + }, + { + "name": "oval:org.mitre.oval:def:1728", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728" + }, + { + "name": "MS06-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" + }, + { + "name": "oval:org.mitre.oval:def:1765", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765" + }, + { + "name": "19762", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19762" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2752.json b/2006/2xxx/CVE-2006-2752.json index 7fd529012d6..463fc57908d 100644 --- a/2006/2xxx/CVE-2006-2752.json +++ b/2006/2xxx/CVE-2006-2752.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SA:2006:029", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/archive/1/435491/100/0/threaded" - }, - { - "name" : "20396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20396" + }, + { + "name": "SUSE-SA:2006:029", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/archive/1/435491/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6800.json b/2006/6xxx/CVE-2006-6800.json index 844aa1563f6..1625199b401 100644 --- a/2006/6xxx/CVE-2006-6800.json +++ b/2006/6xxx/CVE-2006-6800.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061228 Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455409/100/0/threaded" - }, - { - "name" : "3028", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3028" - }, - { - "name" : "21798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21798" - }, - { - "name" : "ADV-2006-5194", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5194" - }, - { - "name" : "31010", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31010" - }, - { - "name" : "1017452", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017452" - }, - { - "name" : "23527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23527" - }, - { - "name" : "2059", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2059" - }, - { - "name" : "limbocms-mod-file-include(31124)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23527" + }, + { + "name": "2059", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2059" + }, + { + "name": "31010", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31010" + }, + { + "name": "1017452", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017452" + }, + { + "name": "ADV-2006-5194", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5194" + }, + { + "name": "21798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21798" + }, + { + "name": "limbocms-mod-file-include(31124)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31124" + }, + { + "name": "3028", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3028" + }, + { + "name": "20061228 Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455409/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5627.json b/2008/5xxx/CVE-2008-5627.json index ccac01c1508..91f99b697c5 100644 --- a/2008/5xxx/CVE-2008-5627.json +++ b/2008/5xxx/CVE-2008-5627.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7282", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7282" - }, - { - "name" : "32941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32941" - }, - { - "name" : "activetrade-account-sql-injection(46911)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32941" + }, + { + "name": "activetrade-account-sql-injection(46911)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46911" + }, + { + "name": "7282", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7282" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2242.json b/2011/2xxx/CVE-2011-2242.json index 530a679524b..6f37354e4bf 100644 --- a/2011/2xxx/CVE-2011-2242.json +++ b/2011/2xxx/CVE-2011-2242.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.1 and 11.2.0.2 allows local users to affect confidentiality, related to XML DB FTP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.1 and 11.2.0.2 allows local users to affect confidentiality, related to XML DB FTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2390.json b/2011/2xxx/CVE-2011-2390.json index 2f1c83a6168..e6a13cfe2de 100644 --- a/2011/2xxx/CVE-2011-2390.json +++ b/2011/2xxx/CVE-2011-2390.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2390", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2390", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2678.json b/2011/2xxx/CVE-2011-2678.json index 959a48983fd..9373ce43640 100644 --- a/2011/2xxx/CVE-2011-2678.json +++ b/2011/2xxx/CVE-2011-2678.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518638/100/0/threaded" - }, - { - "name" : "http://isc.sans.edu/diary.html?storyid=11125", - "refsource" : "MISC", - "url" : "http://isc.sans.edu/diary.html?storyid=11125" - }, - { - "name" : "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml" - }, - { - "name" : "8297", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8297" - }, - { - "name" : "cisco-vpn-cvpnd-priv-esc(68485)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded" + }, + { + "name": "http://isc.sans.edu/diary.html?storyid=11125", + "refsource": "MISC", + "url": "http://isc.sans.edu/diary.html?storyid=11125" + }, + { + "name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml" + }, + { + "name": "8297", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8297" + }, + { + "name": "cisco-vpn-cvpnd-priv-esc(68485)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2819.json b/2011/2xxx/CVE-2011-2819.json index 294864b6fa6..1f8a40e0ac8 100644 --- a/2011/2xxx/CVE-2011-2819.json +++ b/2011/2xxx/CVE-2011-2819.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=90222", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=90222" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "74258", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74258" - }, - { - "name" : "oval:org.mitre.oval:def:13716", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13716" - }, - { - "name" : "google-chrome-uri-security-bypass(68969)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=90222", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=90222" + }, + { + "name": "74258", + "refsource": "OSVDB", + "url": "http://osvdb.org/74258" + }, + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "oval:org.mitre.oval:def:13716", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13716" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + }, + { + "name": "google-chrome-uri-security-bypass(68969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68969" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2924.json b/2011/2xxx/CVE-2011-2924.json index 34ae6c3fe57..ea706ec52d6 100644 --- a/2011/2xxx/CVE-2011-2924.json +++ b/2011/2xxx/CVE-2011-2924.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2924", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2924", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3023.json b/2011/3xxx/CVE-2011-3023.json index 621899a3c6c..2541cc98705 100644 --- a/2011/3xxx/CVE-2011-3023.json +++ b/2011/3xxx/CVE-2011-3023.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=112259", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=112259" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14643", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14643" - }, - { - "name" : "48016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=112259", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=112259" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html" + }, + { + "name": "48016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48016" + }, + { + "name": "oval:org.mitre.oval:def:14643", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14643" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3265.json b/2011/3xxx/CVE-2011-3265.json index 410466e5d21..7b9dee60143 100644 --- a/2011/3xxx/CVE-2011-3265.json +++ b/2011/3xxx/CVE-2011-3265.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.zabbix.com/browse/ZBX-3840", - "refsource" : "CONFIRM", - "url" : "https://support.zabbix.com/browse/ZBX-3840" - }, - { - "name" : "https://support.zabbix.com/browse/ZBX-3955", - "refsource" : "CONFIRM", - "url" : "https://support.zabbix.com/browse/ZBX-3955" - }, - { - "name" : "FEDORA-2011-12485", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066110.html" - }, - { - "name" : "FEDORA-2011-12489", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066092.html" - }, - { - "name" : "49277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49277" - }, - { - "name" : "zabbix-popup-path-disclosure(69376)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.zabbix.com/browse/ZBX-3840", + "refsource": "CONFIRM", + "url": "https://support.zabbix.com/browse/ZBX-3840" + }, + { + "name": "FEDORA-2011-12489", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066092.html" + }, + { + "name": "49277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49277" + }, + { + "name": "https://support.zabbix.com/browse/ZBX-3955", + "refsource": "CONFIRM", + "url": "https://support.zabbix.com/browse/ZBX-3955" + }, + { + "name": "zabbix-popup-path-disclosure(69376)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69376" + }, + { + "name": "FEDORA-2011-12485", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066110.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3281.json b/2011/3xxx/CVE-2011-3281.json index cacdd9324c8..d92575fb116 100644 --- a/2011/3xxx/CVE-2011-3281.json +++ b/2011/3xxx/CVE-2011-3281.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID CSCto68554." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-3281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24124", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24124" - }, - { - "name" : "20110928 Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d57.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID CSCto68554." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110928 Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d57.shtml" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24124", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24124" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3719.json b/2011/3xxx/CVE-2011-3719.json index 0d61f5073e7..48cbe2652f1 100644 --- a/2011/3xxx/CVE-2011-3719.json +++ b/2011/3xxx/CVE-2011-3719.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CodeIgniter_1.7.2", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CodeIgniter_1.7.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CodeIgniter_1.7.2", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CodeIgniter_1.7.2" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3780.json b/2011/3xxx/CVE-2011-3780.json index df5370ec724..810fd5620c9 100644 --- a/2011/3xxx/CVE-2011-3780.json +++ b/2011/3xxx/CVE-2011-3780.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP iCalendar 2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by rss/rss_common.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpicalendar-2.4", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpicalendar-2.4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP iCalendar 2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by rss/rss_common.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpicalendar-2.4", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpicalendar-2.4" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4326.json b/2011/4xxx/CVE-2011-4326.json index 16af07e615d..fe1bb90c7c0 100644 --- a/2011/4xxx/CVE-2011-4326.json +++ b/2011/4xxx/CVE-2011-4326.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111121 Re: CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/21/10" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a9cf73ea7ff78f52662c8658d93c226effbbedde", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a9cf73ea7ff78f52662c8658d93c226effbbedde" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=682066", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=682066" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=755584", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=755584" - }, - { - "name" : "https://github.com/torvalds/linux/commit/a9cf73ea7ff78f52662c8658d93c226effbbedde", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/a9cf73ea7ff78f52662c8658d93c226effbbedde" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100156038", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100156038" - }, - { - "name" : "50751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50751" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100156038", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100156038" + }, + { + "name": "[oss-security] 20111121 Re: CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/21/10" + }, + { + "name": "https://github.com/torvalds/linux/commit/a9cf73ea7ff78f52662c8658d93c226effbbedde", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/a9cf73ea7ff78f52662c8658d93c226effbbedde" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=682066", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682066" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=755584", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=755584" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a9cf73ea7ff78f52662c8658d93c226effbbedde", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a9cf73ea7ff78f52662c8658d93c226effbbedde" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0147.json b/2013/0xxx/CVE-2013-0147.json index e3444214af2..40c0b92e0ee 100644 --- a/2013/0xxx/CVE-2013-0147.json +++ b/2013/0xxx/CVE-2013-0147.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0147", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0147", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0478.json b/2013/0xxx/CVE-2013-0478.json index ecf3cb4b2fa..5f5c064e006 100644 --- a/2013/0xxx/CVE-2013-0478.json +++ b/2013/0xxx/CVE-2013-0478.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21624952", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21624952" - }, - { - "name" : "mdm-web-xss(81482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21624952", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624952" + }, + { + "name": "mdm-web-xss(81482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81482" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0621.json b/2013/0xxx/CVE-2013-0621.json index e5ddc0cb2a8..2e58a30246f 100644 --- a/2013/0xxx/CVE-2013-0621.json +++ b/2013/0xxx/CVE-2013-0621.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, and CVE-2013-0617." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0150", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0150.html" - }, - { - "name" : "SUSE-SU-2013:0044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" - }, - { - "name" : "SUSE-SU-2013:0047", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" - }, - { - "name" : "openSUSE-SU-2013:0193", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" - }, - { - "name" : "oval:org.mitre.oval:def:16226", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, and CVE-2013-0617." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" + }, + { + "name": "SUSE-SU-2013:0047", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" + }, + { + "name": "openSUSE-SU-2013:0193", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" + }, + { + "name": "openSUSE-SU-2013:0138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" + }, + { + "name": "oval:org.mitre.oval:def:16226", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16226" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-02.html" + }, + { + "name": "RHSA-2013:0150", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0150.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0915.json b/2013/0xxx/CVE-2013-0915.json index 82fc855212a..4d671f8930d 100644 --- a/2013/0xxx/CVE-2013-0915.json +++ b/2013/0xxx/CVE-2013-0915.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an \"overflow.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=181083", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=181083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an \"overflow.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=181083", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=181083" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1401.json b/2013/1xxx/CVE-2013-1401.json index 9b890f26e15..494db40d8c1 100644 --- a/2013/1xxx/CVE-2013-1401.json +++ b/2013/1xxx/CVE-2013-1401.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1401", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1401", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1848.json b/2013/1xxx/CVE-2013-1848.json index b46bff81707..dca05d5fa87 100644 --- a/2013/1xxx/CVE-2013-1848.json +++ b/2013/1xxx/CVE-2013-1848.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130320 CVE-2013-1848 -- Linux kernel: ext3: format string issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/20/8" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=920783", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=920783" - }, - { - "name" : "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc" - }, - { - "name" : "MDVSA-2013:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" - }, - { - "name" : "RHSA-2013:0928", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0928.html" - }, - { - "name" : "RHSA-2013:1026", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1026.html" - }, - { - "name" : "RHSA-2013:1051", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1051.html" - }, - { - "name" : "openSUSE-SU-2013:0925", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" - }, - { - "name" : "USN-1809-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1809-1" - }, - { - "name" : "USN-1811-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1811-1" - }, - { - "name" : "USN-1812-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1812-1" - }, - { - "name" : "USN-1813-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1813-1" - }, - { - "name" : "USN-1814-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1814-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc" + }, + { + "name": "USN-1812-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1812-1" + }, + { + "name": "MDVSA-2013:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + }, + { + "name": "RHSA-2013:1051", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html" + }, + { + "name": "RHSA-2013:0928", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html" + }, + { + "name": "USN-1809-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1809-1" + }, + { + "name": "USN-1814-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1814-1" + }, + { + "name": "[oss-security] 20130320 CVE-2013-1848 -- Linux kernel: ext3: format string issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/20/8" + }, + { + "name": "USN-1813-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1813-1" + }, + { + "name": "openSUSE-SU-2013:0925", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=920783", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=920783" + }, + { + "name": "RHSA-2013:1026", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html" + }, + { + "name": "USN-1811-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1811-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4926.json b/2013/4xxx/CVE-2013-4926.json index 5baff123a41..4c2b06c7be3 100644 --- a/2013/4xxx/CVE-2013-4926.json +++ b/2013/4xxx/CVE-2013-4926.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcom-sysact.c?r1=50478&r2=50477&pathrev=50478", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcom-sysact.c?r1=50478&r2=50477&pathrev=50478" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50478", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50478" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2013-44.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2013-44.html" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "oval:org.mitre.oval:def:17547", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17547" - }, - { - "name" : "54296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54296" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcom-sysact.c?r1=50478&r2=50477&pathrev=50478", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcom-sysact.c?r1=50478&r2=50477&pathrev=50478" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2013-44.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2013-44.html" + }, + { + "name": "oval:org.mitre.oval:def:17547", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17547" + }, + { + "name": "54296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54296" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50478", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50478" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5003.json b/2013/5xxx/CVE-2013-5003.json index 3d95b1655dc..07061877df5 100644 --- a/2013/5xxx/CVE-2013-5003.json +++ b/2013/5xxx/CVE-2013-5003.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php" - }, - { - "name" : "61923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61923" - }, - { - "name" : "59832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61923" + }, + { + "name": "59832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59832" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5018.json b/2013/5xxx/CVE-2013-5018.json index c721dad207e..78cc3bdaff3 100644 --- a/2013/5xxx/CVE-2013-5018.json +++ b/2013/5xxx/CVE-2013-5018.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Users] 20130729 [strongSwan] charon crash right after xauth+rsa client connects (strongswan-5.0.4, ubuntu 12.04)", - "refsource" : "MLIST", - "url" : "https://lists.strongswan.org/pipermail/users/2013-July/009540.html" - }, - { - "name" : "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html", - "refsource" : "CONFIRM", - "url" : "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html" - }, - { - "name" : "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html", - "refsource" : "CONFIRM", - "url" : "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html" - }, - { - "name" : "openSUSE-SU-2013:1332", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html" - }, - { - "name" : "openSUSE-SU-2013:1333", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html" - }, - { - "name" : "openSUSE-SU-2013:1372", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html" - }, - { - "name" : "61564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61564" - }, - { - "name" : "54315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54315" - }, - { - "name" : "54524", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54315" + }, + { + "name": "61564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61564" + }, + { + "name": "54524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54524" + }, + { + "name": "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html", + "refsource": "CONFIRM", + "url": "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html" + }, + { + "name": "openSUSE-SU-2013:1333", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html" + }, + { + "name": "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html", + "refsource": "CONFIRM", + "url": "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html" + }, + { + "name": "openSUSE-SU-2013:1332", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html" + }, + { + "name": "[Users] 20130729 [strongSwan] charon crash right after xauth+rsa client connects (strongswan-5.0.4, ubuntu 12.04)", + "refsource": "MLIST", + "url": "https://lists.strongswan.org/pipermail/users/2013-July/009540.html" + }, + { + "name": "openSUSE-SU-2013:1372", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5134.json b/2013/5xxx/CVE-2013-5134.json index 78761c05a9c..7d3b21848a1 100644 --- a/2013/5xxx/CVE-2013-5134.json +++ b/2013/5xxx/CVE-2013-5134.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5134", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was assigned to an issue that is not within the scope of CVE. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5134", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was assigned to an issue that is not within the scope of CVE. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5705.json b/2013/5xxx/CVE-2013-5705.json index fbc49e87a08..975d64e174f 100644 --- a/2013/5xxx/CVE-2013-5705.json +++ b/2013/5xxx/CVE-2013-5705.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://martin.swende.se/blog/HTTPChunked.html", - "refsource" : "MISC", - "url" : "http://martin.swende.se/blog/HTTPChunked.html" - }, - { - "name" : "https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d", - "refsource" : "CONFIRM", - "url" : "https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d" - }, - { - "name" : "DSA-2991", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d", + "refsource": "CONFIRM", + "url": "https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d" + }, + { + "name": "DSA-2991", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2991" + }, + { + "name": "http://martin.swende.se/blog/HTTPChunked.html", + "refsource": "MISC", + "url": "http://martin.swende.se/blog/HTTPChunked.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2803.json b/2014/2xxx/CVE-2014-2803.json index 069bb3fdb0f..7e82155c5c4 100644 --- a/2014/2xxx/CVE-2014-2803.json +++ b/2014/2xxx/CVE-2014-2803.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" - }, - { - "name" : "68385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68385" - }, - { - "name" : "1030532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030532" - }, - { - "name" : "59775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68385" + }, + { + "name": "MS14-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" + }, + { + "name": "59775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59775" + }, + { + "name": "1030532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030532" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0265.json b/2017/0xxx/CVE-2017-0265.json index d141871a905..511ca8819d6 100644 --- a/2017/0xxx/CVE-2017-0265.json +++ b/2017/0xxx/CVE-2017-0265.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft PowerPoint for Mac 2011" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Microsoft PowerPoint for Mac 2011" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0265", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0265" - }, - { - "name" : "98285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98285" - }, - { - "name" : "1038448", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038448", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038448" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0265", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0265" + }, + { + "name": "98285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98285" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0806.json b/2017/0xxx/CVE-2017-0806.json index 2850e9f3801..5518f5ab4c9 100644 --- a/2017/0xxx/CVE-2017-0806.json +++ b/2017/0xxx/CVE-2017-0806.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-0806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-0806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/base/+/b87c968e5a41a1a09166199bf54eee12608f3900", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/base/+/b87c968e5a41a1a09166199bf54eee12608f3900" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-10-01" - }, - { - "name" : "101086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/base/+/b87c968e5a41a1a09166199bf54eee12608f3900", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/base/+/b87c968e5a41a1a09166199bf54eee12608f3900" + }, + { + "name": "101086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101086" + }, + { + "name": "https://source.android.com/security/bulletin/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-10-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000015.json b/2017/1000xxx/CVE-2017-1000015.json index 812a26925ae..cf29dfcefd2 100644 --- a/2017/1000xxx/CVE-2017-1000015.json +++ b/2017/1000xxx/CVE-2017-1000015.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.267196", - "ID" : "CVE-2017-1000015", - "REQUESTER" : "security@phpmyadmin.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "phpMyAdmin", - "version" : { - "version_data" : [ - { - "version_value" : "All 4.6.x versions (prior to 4.6.6), 4.4.x versions (prior to 4.4.15.10), and 4.0.x versions (prior to 4.0.10.19) are affected." - } - ] - } - } - ] - }, - "vendor_name" : "phpMyAdmin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CSS injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.267196", + "ID": "CVE-2017-1000015", + "REQUESTER": "security@phpmyadmin.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2017-4", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2017-4" - }, - { - "name" : "95726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95726" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2017-4", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2017-4" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000026.json b/2017/1000xxx/CVE-2017-1000026.json index 35d3e21e024..df4e97d4f8a 100644 --- a/2017/1000xxx/CVE-2017-1000026.json +++ b/2017/1000xxx/CVE-2017-1000026.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.276048", - "ID" : "CVE-2017-1000026", - "REQUESTER" : "thom@chef.io", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mixlib-archive", - "version" : { - "version_data" : [ - { - "version_value" : "0.3.0 or older" - } - ] - } - } - ] - }, - "vendor_name" : "Chef Software, Inc" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using \"..\" in tar archive entries" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.276048", + "ID": "CVE-2017-1000026", + "REQUESTER": "thom@chef.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/chef/mixlib-archive/blob/master/CHANGELOG.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/chef/mixlib-archive/blob/master/CHANGELOG.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using \"..\" in tar archive entries" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chef/mixlib-archive/blob/master/CHANGELOG.md", + "refsource": "CONFIRM", + "url": "https://github.com/chef/mixlib-archive/blob/master/CHANGELOG.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12079.json b/2017/12xxx/CVE-2017-12079.json index ff196316444..0fbd0387460 100644 --- a/2017/12xxx/CVE-2017-12079.json +++ b/2017/12xxx/CVE-2017-12079.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-12079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Photo Station", - "version" : { - "version_data" : [ - { - "version_value" : "before 6.8.1-3458" - }, - { - "version_value" : "before 6.3-2970" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Files or Directories Accessible to External Parties (CWE-552)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-12079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photo Station", + "version": { + "version_data": [ + { + "version_value": "before 6.8.1-3458" + }, + { + "version_value": "before 6.3-2970" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Files or Directories Accessible to External Parties (CWE-552)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12375.json b/2017/12xxx/CVE-2017-12375.json index 0d8671ba696..9046b3b575d 100644 --- a/2017/12xxx/CVE-2017-12375.json +++ b/2017/12xxx/CVE-2017-12375.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ClamAV AntiVirus software versions 0.99.2 and prior", - "version" : { - "version_data" : [ - { - "version_value" : "ClamAV AntiVirus software versions 0.99.2 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ClamAV AntiVirus software versions 0.99.2 and prior", + "version": { + "version_data": [ + { + "version_value": "ClamAV AntiVirus software versions 0.99.2 and prior" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html" - }, - { - "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", - "refsource" : "CONFIRM", - "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" - }, - { - "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11940", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11940" - }, - { - "name" : "USN-3550-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3550-1/" - }, - { - "name" : "USN-3550-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3550-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3550-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3550-1/" + }, + { + "name": "USN-3550-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3550-2/" + }, + { + "name": "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html" + }, + { + "name": "https://bugzilla.clamav.net/show_bug.cgi?id=11940", + "refsource": "CONFIRM", + "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11940" + }, + { + "name": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", + "refsource": "CONFIRM", + "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12785.json b/2017/12xxx/CVE-2017-12785.json index 6f978ffc82d..6b66cb13ef8 100644 --- a/2017/12xxx/CVE-2017-12785.json +++ b/2017/12xxx/CVE-2017-12785.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the \"show log cli\" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42518", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42518/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the \"show log cli\" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42518", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42518/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16059.json b/2017/16xxx/CVE-2017-16059.json index 88a566fa2c6..bc1140d10af 100644 --- a/2017/16xxx/CVE-2017-16059.json +++ b/2017/16xxx/CVE-2017-16059.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mssql-node node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedded Malicious Code (CWE-506)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mssql-node node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/480", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedded Malicious Code (CWE-506)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/480", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/480" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16187.json b/2017/16xxx/CVE-2017-16187.json index 6a383fcc109..96dcbb87cfd 100644 --- a/2017/16xxx/CVE-2017-16187.json +++ b/2017/16xxx/CVE-2017-16187.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "open-device node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "open-device node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/open-device", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/open-device" - }, - { - "name" : "https://nodesecurity.io/advisories/447", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/447", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/447" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/open-device", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/open-device" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16640.json b/2017/16xxx/CVE-2017-16640.json index c6c9c4250d5..d265fb91393 100644 --- a/2017/16xxx/CVE-2017-16640.json +++ b/2017/16xxx/CVE-2017-16640.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16640", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16640", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16698.json b/2017/16xxx/CVE-2017-16698.json index 825d96daf94..a8ee111416e 100644 --- a/2017/16xxx/CVE-2017-16698.json +++ b/2017/16xxx/CVE-2017-16698.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16698", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16698", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4090.json b/2017/4xxx/CVE-2017-4090.json index 57968879022..00e3bf8d4d2 100644 --- a/2017/4xxx/CVE-2017-4090.json +++ b/2017/4xxx/CVE-2017-4090.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4090", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4090", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4169.json b/2017/4xxx/CVE-2017-4169.json index 5974938cce6..8383830b8b3 100644 --- a/2017/4xxx/CVE-2017-4169.json +++ b/2017/4xxx/CVE-2017-4169.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4169", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4169", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4417.json b/2017/4xxx/CVE-2017-4417.json index 327737e8169..ccd0cfad02c 100644 --- a/2017/4xxx/CVE-2017-4417.json +++ b/2017/4xxx/CVE-2017-4417.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4417", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4417", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4921.json b/2017/4xxx/CVE-2017-4921.json index 46ef2b7a7f6..27e36f9a9af 100644 --- a/2017/4xxx/CVE-2017-4921.json +++ b/2017/4xxx/CVE-2017-4921.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "ID" : "CVE-2017-4921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "ID": "CVE-2017-4921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2017-0013.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2017-0013.html" - }, - { - "name" : "100006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100006" - }, - { - "name" : "1039013", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html" + }, + { + "name": "1039013", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039013" + }, + { + "name": "100006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100006" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18238.json b/2018/18xxx/CVE-2018-18238.json index 71e1b796d15..671bfcb27b0 100644 --- a/2018/18xxx/CVE-2018-18238.json +++ b/2018/18xxx/CVE-2018-18238.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18238", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18238", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5364.json b/2018/5xxx/CVE-2018-5364.json index 2b2d4ef2e10..609836c9a7b 100644 --- a/2018/5xxx/CVE-2018-5364.json +++ b/2018/5xxx/CVE-2018-5364.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9003", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/9003", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9003" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5455.json b/2018/5xxx/CVE-2018-5455.json index 0ce668a0049..fae520b27e3 100644 --- a/2018/5xxx/CVE-2018-5455.json +++ b/2018/5xxx/CVE-2018-5455.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-5455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa OnCell G3100-HSPA Series", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa OnCell G3100-HSPA Series" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-565" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-5455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa OnCell G3100-HSPA Series", + "version": { + "version_data": [ + { + "version_value": "Moxa OnCell G3100-HSPA Series" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-565" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5598.json b/2018/5xxx/CVE-2018-5598.json index 1d2ff20464f..9bff5e580d3 100644 --- a/2018/5xxx/CVE-2018-5598.json +++ b/2018/5xxx/CVE-2018-5598.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5598", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5598", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5616.json b/2018/5xxx/CVE-2018-5616.json index 2da9a53edc0..cb223d4e703 100644 --- a/2018/5xxx/CVE-2018-5616.json +++ b/2018/5xxx/CVE-2018-5616.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5616", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5616", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file