diff --git a/2001/0xxx/CVE-2001-0154.json b/2001/0xxx/CVE-2001-0154.json index eef70611869..b74ebc21900 100644 --- a/2001/0xxx/CVE-2001-0154.json +++ b/2001/0xxx/CVE-2001-0154.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98596775905044&w=2" - }, - { - "name" : "MS01-020", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-020" - }, - { - "name" : "CA-2001-06", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-06.html" - }, - { - "name" : "L-066", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-066.shtml" - }, - { - "name" : "2524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2524" - }, - { - "name" : "7806", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7806" - }, - { - "name" : "oval:org.mitre.oval:def:141", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A141" - }, - { - "name" : "1001197", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1001197" - }, - { - "name" : "ie-mime-execute-code(6306)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2001-06", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-06.html" + }, + { + "name": "MS01-020", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-020" + }, + { + "name": "2524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2524" + }, + { + "name": "1001197", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1001197" + }, + { + "name": "ie-mime-execute-code(6306)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6306" + }, + { + "name": "L-066", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-066.shtml" + }, + { + "name": "oval:org.mitre.oval:def:141", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A141" + }, + { + "name": "20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98596775905044&w=2" + }, + { + "name": "7806", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7806" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0367.json b/2001/0xxx/CVE-2001-0367.json index bc9561c43c3..aa712c3f863 100644 --- a/2001/0xxx/CVE-2001-0367.json +++ b/2001/0xxx/CVE-2001-0367.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010428 Mirabilis ICQ WebFront Plug-in Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98847544303438&w=2" - }, - { - "name" : "2664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010428 Mirabilis ICQ WebFront Plug-in Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98847544303438&w=2" + }, + { + "name": "2664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2664" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0566.json b/2001/0xxx/CVE-2001-0566.json index a0ef61913e2..ed8878f9064 100644 --- a/2001/0xxx/CVE-2001-0566.json +++ b/2001/0xxx/CVE-2001-0566.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010503 Cisco Catalyst 2900XL crashes with empty UDP packet when SNMP is disabled. ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0040.html" - }, - { - "name" : "cisco-catalyst-udp-dos(6515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20010503 Cisco Catalyst 2900XL crashes with empty UDP packet when SNMP is disabled.", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0040.html" + }, + { + "name": "cisco-catalyst-udp-dos(6515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6515" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0891.json b/2001/0xxx/CVE-2001-0891.json index f4e3c240177..a3cc4dcf9c3 100644 --- a/2001/0xxx/CVE-2001-0891.json +++ b/2001/0xxx/CVE-2001-0891.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011127 UNICOS LOCAL HOLE ALL VERSIONS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100695627423924&w=2" - }, - { - "name" : "20020101-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I" - }, - { - "name" : "3590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3590" - }, - { - "name" : "3275", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3275" - }, - { - "name" : "unicos-nqsd-format-string(7618)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3275", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3275" + }, + { + "name": "20011127 UNICOS LOCAL HOLE ALL VERSIONS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100695627423924&w=2" + }, + { + "name": "3590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3590" + }, + { + "name": "unicos-nqsd-format-string(7618)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7618" + }, + { + "name": "20020101-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1173.json b/2001/1xxx/CVE-2001-1173.json index f1612442c7c..77ecbd969a6 100644 --- a/2001/1xxx/CVE-2001-1173.json +++ b/2001/1xxx/CVE-2001-1173.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://innominate.org/oku/masqmail/ChangeLog-stable", - "refsource" : "CONFIRM", - "url" : "ftp://innominate.org/oku/masqmail/ChangeLog-stable" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://innominate.org/oku/masqmail/ChangeLog-stable", + "refsource": "CONFIRM", + "url": "ftp://innominate.org/oku/masqmail/ChangeLog-stable" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1307.json b/2001/1xxx/CVE-2001-1307.json index 97a1d19fb39..c4d9ac42a84 100644 --- a/2001/1xxx/CVE-2001-1307.json +++ b/2001/1xxx/CVE-2001-1307.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#276944", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/276944" - }, - { - "name" : "CA-2001-18", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-18.html" - }, - { - "name" : "20011102-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/JPLA-4WESMM", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/JPLA-4WESMM" - }, - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" - }, - { - "name" : "iplanet-ldap-protos-bo(6893)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6893" - }, - { - "name" : "3038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3038" + }, + { + "name": "CA-2001-18", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-18.html" + }, + { + "name": "20011102-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I" + }, + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" + }, + { + "name": "iplanet-ldap-protos-bo(6893)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6893" + }, + { + "name": "VU#276944", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/276944" + }, + { + "name": "http://www.kb.cert.org/vuls/id/JPLA-4WESMM", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/JPLA-4WESMM" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2557.json b/2006/2xxx/CVE-2006-2557.json index a458ad7d0b2..517df422bda 100644 --- a/2006/2xxx/CVE-2006-2557.json +++ b/2006/2xxx/CVE-2006-2557.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060515 Newsportal: code injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0308.html" - }, - { - "name" : "20060517 Newsportal <= 0.36 Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0325.html" - }, - { - "name" : "1789", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1789" - }, - { - "name" : "http://florian-amrhein.de/newsportal/forum/article?id=1&group=amrhein.newsportal", - "refsource" : "CONFIRM", - "url" : "http://florian-amrhein.de/newsportal/forum/article?id=1&group=amrhein.newsportal" - }, - { - "name" : "18000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18000" - }, - { - "name" : "ADV-2006-1838", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1838" - }, - { - "name" : "25531", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25531" - }, - { - "name" : "25577", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25577" - }, - { - "name" : "20119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20119" - }, - { - "name" : "20128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20128" - }, - { - "name" : "947", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/947" - }, - { - "name" : "newsportal-poll-code-execution(26471)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26471" - }, - { - "name" : "trnewsportal-poll-file-include(26439)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "trnewsportal-poll-file-include(26439)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26439" + }, + { + "name": "25531", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25531" + }, + { + "name": "18000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18000" + }, + { + "name": "20060515 Newsportal: code injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0308.html" + }, + { + "name": "http://florian-amrhein.de/newsportal/forum/article?id=1&group=amrhein.newsportal", + "refsource": "CONFIRM", + "url": "http://florian-amrhein.de/newsportal/forum/article?id=1&group=amrhein.newsportal" + }, + { + "name": "newsportal-poll-code-execution(26471)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26471" + }, + { + "name": "947", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/947" + }, + { + "name": "1789", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1789" + }, + { + "name": "25577", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25577" + }, + { + "name": "20128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20128" + }, + { + "name": "ADV-2006-1838", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1838" + }, + { + "name": "20119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20119" + }, + { + "name": "20060517 Newsportal <= 0.36 Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0325.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2735.json b/2006/2xxx/CVE-2006-2735.json index b39f8964ea3..561700c1d35 100644 --- a/2006/2xxx/CVE-2006-2735.json +++ b/2006/2xxx/CVE-2006-2735.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060528 Advisory: phpBB 2.x (Activity MOD Plus) File InclusionVulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435286/100/0/threaded" - }, - { - "name" : "20060529 RE: Advisory: Blend Portal <= 1.2.0 for phpBB 2.x(blend_data/blend_common.php) File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435298/100/0/threaded" - }, - { - "name" : "20060528 Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability.", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0709.html" - }, - { - "name" : "http://www.nukedx.com/?getxpl=38", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?getxpl=38" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=38", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=38" - }, - { - "name" : "http://phpbb-tweaks.com/topics.html-p-17623#17623", - "refsource" : "CONFIRM", - "url" : "http://phpbb-tweaks.com/topics.html-p-17623#17623" - }, - { - "name" : "18155", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18155" - }, - { - "name" : "ADV-2006-2045", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2045" - }, - { - "name" : "25821", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25821" - }, - { - "name" : "20354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20354" - }, - { - "name" : "1001", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1001" - }, - { - "name" : "activitymodplus-multiple-file-include(26857)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nukedx.com/?viewdoc=38", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=38" + }, + { + "name": "20060529 RE: Advisory: Blend Portal <= 1.2.0 for phpBB 2.x(blend_data/blend_common.php) File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435298/100/0/threaded" + }, + { + "name": "http://phpbb-tweaks.com/topics.html-p-17623#17623", + "refsource": "CONFIRM", + "url": "http://phpbb-tweaks.com/topics.html-p-17623#17623" + }, + { + "name": "1001", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1001" + }, + { + "name": "20060528 Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability.", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0709.html" + }, + { + "name": "18155", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18155" + }, + { + "name": "25821", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25821" + }, + { + "name": "activitymodplus-multiple-file-include(26857)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26857" + }, + { + "name": "20060528 Advisory: phpBB 2.x (Activity MOD Plus) File InclusionVulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435286/100/0/threaded" + }, + { + "name": "ADV-2006-2045", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2045" + }, + { + "name": "20354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20354" + }, + { + "name": "http://www.nukedx.com/?getxpl=38", + "refsource": "MISC", + "url": "http://www.nukedx.com/?getxpl=38" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5010.json b/2008/5xxx/CVE-2008-5010.json index 827f9845134..517e1682860 100644 --- a/2008/5xxx/CVE-2008-5010.json +++ b/2008/5xxx/CVE-2008-5010.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the \"number of offers,\" aka Bug ID 6713805." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-109077-21-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-109077-21-1" - }, - { - "name" : "243806", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243806-1" - }, - { - "name" : "32213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32213" - }, - { - "name" : "oval:org.mitre.oval:def:5668", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5668" - }, - { - "name" : "ADV-2008-3088", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3088" - }, - { - "name" : "1021157", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021157" - }, - { - "name" : "32668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32668" - }, - { - "name" : "sun-solaris-dhcp-code-execution(46480)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the \"number of offers,\" aka Bug ID 6713805." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3088", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3088" + }, + { + "name": "oval:org.mitre.oval:def:5668", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5668" + }, + { + "name": "sun-solaris-dhcp-code-execution(46480)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46480" + }, + { + "name": "243806", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243806-1" + }, + { + "name": "32668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32668" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-109077-21-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-109077-21-1" + }, + { + "name": "1021157", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021157" + }, + { + "name": "32213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32213" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5083.json b/2008/5xxx/CVE-2008-5083.json index 1b38042b5dc..e0faf5f8b86 100644 --- a/2008/5xxx/CVE-2008-5083.json +++ b/2008/5xxx/CVE-2008-5083.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5083", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5083", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5182.json b/2008/5xxx/CVE-2008-5182.json index b00c3f0cb1d..97f5f02ed27 100644 --- a/2008/5xxx/CVE-2008-5182.json +++ b/2008/5xxx/CVE-2008-5182.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081209 rPSA-2008-0332-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499044/100/0/threaded" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc5", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc5" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2915", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2915" - }, - { - "name" : "DSA-1681", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1681" - }, - { - "name" : "FEDORA-2008-11618", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html" - }, - { - "name" : "RHSA-2009:0225", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0225.html" - }, - { - "name" : "RHSA-2009:0053", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0053.html" - }, - { - "name" : "SUSE-SA:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html" - }, - { - "name" : "SUSE-SA:2009:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html" - }, - { - "name" : "USN-715-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-715-1" - }, - { - "name" : "USN-714-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/714-1/" - }, - { - "name" : "33503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33503" - }, - { - "name" : "oval:org.mitre.oval:def:10584", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10584" - }, - { - "name" : "33623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33623" - }, - { - "name" : "32998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32998" - }, - { - "name" : "33641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33641" - }, - { - "name" : "33704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33704" - }, - { - "name" : "33756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33756" - }, - { - "name" : "33706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33706" - }, - { - "name" : "33854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33854" - }, - { - "name" : "33348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33348" - }, - { - "name" : "33083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32998" + }, + { + "name": "20081209 rPSA-2008-0332-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499044/100/0/threaded" + }, + { + "name": "RHSA-2009:0225", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0225.html" + }, + { + "name": "oval:org.mitre.oval:def:10584", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10584" + }, + { + "name": "33706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33706" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2915", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2915" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc5", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc5" + }, + { + "name": "33641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33641" + }, + { + "name": "RHSA-2009:0053", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0053.html" + }, + { + "name": "33503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33503" + }, + { + "name": "33756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33756" + }, + { + "name": "FEDORA-2008-11618", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html" + }, + { + "name": "33348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33348" + }, + { + "name": "33623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33623" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332" + }, + { + "name": "33083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33083" + }, + { + "name": "USN-714-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/714-1/" + }, + { + "name": "USN-715-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-715-1" + }, + { + "name": "33854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33854" + }, + { + "name": "33704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33704" + }, + { + "name": "DSA-1681", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1681" + }, + { + "name": "SUSE-SA:2009:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html" + }, + { + "name": "SUSE-SA:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5364.json b/2008/5xxx/CVE-2008-5364.json index 448a449ad2e..28e1b733db3 100644 --- a/2008/5xxx/CVE-2008-5364.json +++ b/2008/5xxx/CVE-2008-5364.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081104 Multiple Vendor NOS Microsystems getPlus Downloader Stack Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-19.html" - }, - { - "name" : "32105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32105" - }, - { - "name" : "ADV-2008-3002", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081104 Multiple Vendor NOS Microsystems getPlus Downloader Stack Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-19.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html" + }, + { + "name": "32105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32105" + }, + { + "name": "ADV-2008-3002", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3002" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5565.json b/2008/5xxx/CVE-2008-5565.json index 88a54f399da..40d7a216f3c 100644 --- a/2008/5xxx/CVE-2008-5565.json +++ b/2008/5xxx/CVE-2008-5565.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7365", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7365" - }, - { - "name" : "33038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33038" - }, - { - "name" : "4730", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4730", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4730" + }, + { + "name": "33038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33038" + }, + { + "name": "7365", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7365" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2185.json b/2011/2xxx/CVE-2011-2185.json index 2001890664d..3baa1e7a326 100644 --- a/2011/2xxx/CVE-2011-2185.json +++ b/2011/2xxx/CVE-2011-2185.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110603 CVE Request -- fabric -- Use of insecure temporary file by uploading templates and projects to remote hosts", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/03/5" - }, - { - "name" : "[oss-security] 20110606 Re: CVE Request -- fabric -- Use of insecure temporary file by uploading templates and projects to remote hosts", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/06/12" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629003", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629003" - }, - { - "name" : "http://code.fabfile.org/projects/fabric/files/Fabric-1.1.0.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://code.fabfile.org/projects/fabric/files/Fabric-1.1.0.tar.gz" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=710462", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=710462" - }, - { - "name" : "FEDORA-2011-8964", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062534.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110606 Re: CVE Request -- fabric -- Use of insecure temporary file by uploading templates and projects to remote hosts", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/06/12" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629003", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629003" + }, + { + "name": "FEDORA-2011-8964", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062534.html" + }, + { + "name": "[oss-security] 20110603 CVE Request -- fabric -- Use of insecure temporary file by uploading templates and projects to remote hosts", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/03/5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=710462", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=710462" + }, + { + "name": "http://code.fabfile.org/projects/fabric/files/Fabric-1.1.0.tar.gz", + "refsource": "CONFIRM", + "url": "http://code.fabfile.org/projects/fabric/files/Fabric-1.1.0.tar.gz" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2618.json b/2011/2xxx/CVE-2011-2618.json index 8a065ed8d01..06e72408d75 100644 --- a/2011/2xxx/CVE-2011-2618.json +++ b/2011/2xxx/CVE-2011-2618.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element or (2) VIDEO element between windows." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1150/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element or (2) VIDEO element between windows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1150/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1150/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1150/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2650.json b/2011/2xxx/CVE-2011-2650.json index 3d12964939f..7830c3710fe 100644 --- a/2011/2xxx/CVE-2011-2650.json +++ b/2011/2xxx/CVE-2011-2650.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/security/cve/CVE-2011-2650.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2011-2650.html" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=701816", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=701816" - }, - { - "name" : "SUSE-SU-2011:0917", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html" - }, - { - "name" : "49236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49236" - }, - { - "name" : "kiwi-rpm-info-xss(69285)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49236" + }, + { + "name": "kiwi-rpm-info-xss(69285)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69285" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=701816", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=701816" + }, + { + "name": "SUSE-SU-2011:0917", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html" + }, + { + "name": "http://support.novell.com/security/cve/CVE-2011-2650.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2011-2650.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2728.json b/2011/2xxx/CVE-2011-2728.json index 7739d35d258..fbd5962111c 100644 --- a/2011/2xxx/CVE-2011-2728.json +++ b/2011/2xxx/CVE-2011-2728.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77", - "refsource" : "MISC", - "url" : "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77" - }, - { - "name" : "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod", - "refsource" : "CONFIRM", - "url" : "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=742987", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=742987" - }, - { - "name" : "FEDORA-2011-15484", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html" - }, - { - "name" : "49858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49858" - }, - { - "name" : "46172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod", + "refsource": "CONFIRM", + "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" + }, + { + "name": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77", + "refsource": "MISC", + "url": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1" + }, + { + "name": "FEDORA-2011-15484", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html" + }, + { + "name": "49858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49858" + }, + { + "name": "46172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46172" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=742987", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742987" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2729.json b/2011/2xxx/CVE-2011-2729.json index 18a4c3418e0..0ab053949ac 100644 --- a/2011/2xxx/CVE-2011-2729.json +++ b/2011/2xxx/CVE-2011-2729.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110812 [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519263/100/0/threaded" - }, - { - "name" : "[commons-dev] 20110812 [AANNOUNCE] Apache Commons Daemon 1.0.7 released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108@apache.org%3E" - }, - { - "name" : "[tomcat-announce] 20110812 [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306@apache.org%3E" - }, - { - "name" : "http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch", - "refsource" : "CONFIRM", - "url" : "http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1152701", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1152701" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1153379", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1153379" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1153824", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1153824" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=730400", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=730400" - }, - { - "name" : "https://issues.apache.org/jira/browse/DAEMON-214", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/DAEMON-214" - }, - { - "name" : "HPSBUX02725", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132215163318824&w=2" - }, - { - "name" : "SSRT100627", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132215163318824&w=2" - }, - { - "name" : "HPSBUX02860", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "SSRT101146", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "HPSBOV02762", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" - }, - { - "name" : "SSRT100825", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" - }, - { - "name" : "RHSA-2011:1291", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1291.html" - }, - { - "name" : "RHSA-2011:1292", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1292.html" - }, - { - "name" : "openSUSE-SU-2011:1062", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html" - }, - { - "name" : "49143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49143" - }, - { - "name" : "oval:org.mitre.oval:def:14743", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743" - }, - { - "name" : "oval:org.mitre.oval:def:19450", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450" - }, - { - "name" : "1025925", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025925" - }, - { - "name" : "46030", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46030" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - }, - { - "name" : "tomcat-jsvc-info-disclosure(69161)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tomcat-jsvc-info-disclosure(69161)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69161" + }, + { + "name": "openSUSE-SU-2011:1062", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1153824", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1153824" + }, + { + "name": "HPSBUX02860", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "1025925", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025925" + }, + { + "name": "http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch", + "refsource": "CONFIRM", + "url": "http://people.apache.org/~markt/patches/2011-08-12-cve2011-2729-tc5.patch" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "HPSBOV02762", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=730400", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730400" + }, + { + "name": "RHSA-2011:1291", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1291.html" + }, + { + "name": "SSRT100627", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1152701", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1152701" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1153379", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1153379" + }, + { + "name": "20110812 [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519263/100/0/threaded" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "[commons-dev] 20110812 [AANNOUNCE] Apache Commons Daemon 1.0.7 released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201108.mbox/%3C4E451B2B.9090108@apache.org%3E" + }, + { + "name": "https://issues.apache.org/jira/browse/DAEMON-214", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/DAEMON-214" + }, + { + "name": "49143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49143" + }, + { + "name": "oval:org.mitre.oval:def:19450", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19450" + }, + { + "name": "SSRT100825", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" + }, + { + "name": "46030", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46030" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "HPSBUX02725", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132215163318824&w=2" + }, + { + "name": "RHSA-2011:1292", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1292.html" + }, + { + "name": "SSRT101146", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "[tomcat-announce] 20110812 [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C4E45221D.1020306@apache.org%3E" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + }, + { + "name": "oval:org.mitre.oval:def:14743", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14743" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2777.json b/2011/2xxx/CVE-2011-2777.json index 2133b076242..3c058b2b9ba 100644 --- a/2011/2xxx/CVE-2011-2777.json +++ b/2011/2xxx/CVE-2011-2777.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3245.json b/2011/3xxx/CVE-2011-3245.json index c3a54dc9cae..ebacd38eb88 100644 --- a/2011/3xxx/CVE-2011-3245.json +++ b/2011/3xxx/CVE-2011-3245.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "76329", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76329" - }, - { - "name" : "appleios-keyboard-info-disc(70555)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "76329", + "refsource": "OSVDB", + "url": "http://osvdb.org/76329" + }, + { + "name": "appleios-keyboard-info-disc(70555)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70555" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3417.json b/2011/3xxx/CVE-2011-3417.json index d19da8df511..83fae7adec2 100644 --- a/2011/3xxx/CVE-2011-3417.json +++ b/2011/3xxx/CVE-2011-3417.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka \"ASP.NET Forms Authentication Ticket Caching Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-3417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-100", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100" - }, - { - "name" : "TA11-347A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" - }, - { - "name" : "51203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51203" - }, - { - "name" : "oval:org.mitre.oval:def:14625", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka \"ASP.NET Forms Authentication Ticket Caching Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-347A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" + }, + { + "name": "MS11-100", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100" + }, + { + "name": "51203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51203" + }, + { + "name": "oval:org.mitre.oval:def:14625", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3672.json b/2011/3xxx/CVE-2011-3672.json index d9a49bec50d..7346dd86103 100644 --- a/2011/3xxx/CVE-2011-3672.json +++ b/2011/3xxx/CVE-2011-3672.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3672", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-3672", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3764.json b/2011/3xxx/CVE-2011-3764.json index 2f5d3e9510e..4ec0817e16e 100644 --- a/2011/3xxx/CVE-2011-3764.json +++ b/2011/3xxx/CVE-2011-3764.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/opendocman-1.2.6-svn-2011-01-21", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/opendocman-1.2.6-svn-2011-01-21" - }, - { - "name" : "opendocman-userpermsclass-path-disclosure(70608)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + }, + { + "name": "opendocman-userpermsclass-path-disclosure(70608)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70608" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/opendocman-1.2.6-svn-2011-01-21", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/opendocman-1.2.6-svn-2011-01-21" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0194.json b/2013/0xxx/CVE-2013-0194.json index 4c2f8227690..d8d4f82d699 100644 --- a/2013/0xxx/CVE-2013-0194.json +++ b/2013/0xxx/CVE-2013-0194.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0194", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0194", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0217.json b/2013/0xxx/CVE-2013-0217.json index 323e9c4c839..467c7b9f60c 100644 --- a/2013/0xxx/CVE-2013-0217.json +++ b/2013/0xxx/CVE-2013-0217.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130205 Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/05/12" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d5145d8eb2b9791533ffe4dc003b129b9696c48", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d5145d8eb2b9791533ffe4dc003b129b9696c48" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.8", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=910883", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=910883" - }, - { - "name" : "https://github.com/torvalds/linux/commit/7d5145d8eb2b9791533ffe4dc003b129b9696c48", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/7d5145d8eb2b9791533ffe4dc003b129b9696c48" - }, - { - "name" : "MDVSA-2013:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2013:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=910883", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=910883" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d5145d8eb2b9791533ffe4dc003b129b9696c48", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d5145d8eb2b9791533ffe4dc003b129b9696c48" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.8", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.8" + }, + { + "name": "https://github.com/torvalds/linux/commit/7d5145d8eb2b9791533ffe4dc003b129b9696c48", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/7d5145d8eb2b9791533ffe4dc003b129b9696c48" + }, + { + "name": "[oss-security] 20130205 Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring.", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/05/12" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0636.json b/2013/0xxx/CVE-2013-0636.json index 398a15fb22f..15ba29842bf 100644 --- a/2013/0xxx/CVE-2013-0636.json +++ b/2013/0xxx/CVE-2013-0636.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-0636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-06.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-06.html" - }, - { - "name" : "TA13-043A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-06.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-06.html" + }, + { + "name": "TA13-043A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043A.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1675.json b/2013/1xxx/CVE-2013-1675.json index 45b2e07be9f..30c7cf96732 100644 --- a/2013/1xxx/CVE-2013-1675.json +++ b/2013/1xxx/CVE-2013-1675.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-47.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-47.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=866825", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=866825" - }, - { - "name" : "DSA-2699", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2699" - }, - { - "name" : "MDVSA-2013:165", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" - }, - { - "name" : "RHSA-2013:0820", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0820.html" - }, - { - "name" : "RHSA-2013:0821", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0821.html" - }, - { - "name" : "openSUSE-SU-2013:0831", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" - }, - { - "name" : "openSUSE-SU-2013:0834", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" - }, - { - "name" : "openSUSE-SU-2013:0825", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:0929", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" - }, - { - "name" : "openSUSE-SU-2013:0946", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" - }, - { - "name" : "USN-1822-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1822-1" - }, - { - "name" : "USN-1823-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1823-1" - }, - { - "name" : "59858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59858" - }, - { - "name" : "oval:org.mitre.oval:def:16976", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2699", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2699" + }, + { + "name": "MDVSA-2013:165", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" + }, + { + "name": "openSUSE-SU-2013:0825", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=866825", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=866825" + }, + { + "name": "USN-1823-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1823-1" + }, + { + "name": "RHSA-2013:0821", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0821.html" + }, + { + "name": "openSUSE-SU-2013:0929", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-47.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-47.html" + }, + { + "name": "oval:org.mitre.oval:def:16976", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976" + }, + { + "name": "openSUSE-SU-2013:0831", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" + }, + { + "name": "RHSA-2013:0820", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0820.html" + }, + { + "name": "openSUSE-SU-2013:0834", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" + }, + { + "name": "openSUSE-SU-2013:0946", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" + }, + { + "name": "59858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59858" + }, + { + "name": "USN-1822-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1822-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1733.json b/2013/1xxx/CVE-2013-1733.json index da99f8ab2a7..3d7e186a888 100644 --- a/2013/1xxx/CVE-2013-1733.json +++ b/2013/1xxx/CVE-2013-1733.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/4.0.10/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/4.0.10/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=911593", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=911593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=911593", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911593" + }, + { + "name": "http://www.bugzilla.org/security/4.0.10/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/4.0.10/" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1868.json b/2013/1xxx/CVE-2013-1868.json index 7139d1c4bde..0d354e07f4d 100644 --- a/2013/1xxx/CVE-2013-1868.json +++ b/2013/1xxx/CVE-2013-1868.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130319 Re: CVE Request: VLC Buffer overflows", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=136367945627336&w=2" - }, - { - "name" : "http://www.videolan.org/security/sa1301.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/security/sa1301.html" - }, - { - "name" : "57079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57079" - }, - { - "name" : "oval:org.mitre.oval:def:17226", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17226" - }, - { - "name" : "59793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59793" + }, + { + "name": "[oss-security] 20130319 Re: CVE Request: VLC Buffer overflows", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=136367945627336&w=2" + }, + { + "name": "http://www.videolan.org/security/sa1301.html", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/security/sa1301.html" + }, + { + "name": "57079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57079" + }, + { + "name": "oval:org.mitre.oval:def:17226", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17226" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1974.json b/2013/1xxx/CVE-2013-1974.json index e420d07e853..c73335f3cf1 100644 --- a/2013/1xxx/CVE-2013-1974.json +++ b/2013/1xxx/CVE-2013-1974.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1974", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1974", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4272.json b/2013/4xxx/CVE-2013-4272.json index 501b26c83cf..52604963a13 100644 --- a/2013/4xxx/CVE-2013-4272.json +++ b/2013/4xxx/CVE-2013-4272.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130822 Re: CVE request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/08/22/2" - }, - { - "name" : "https://drupal.org/node/2065057", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2065057" - }, - { - "name" : "https://drupal.org/node/2064781", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2064781" - }, - { - "name" : "https://drupal.org/node/2064783", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2064783" - }, - { - "name" : "https://drupal.org/node/2064785", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2064785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drupal.org/node/2064785", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2064785" + }, + { + "name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/08/22/2" + }, + { + "name": "https://drupal.org/node/2064783", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2064783" + }, + { + "name": "https://drupal.org/node/2065057", + "refsource": "MISC", + "url": "https://drupal.org/node/2065057" + }, + { + "name": "https://drupal.org/node/2064781", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2064781" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4674.json b/2013/4xxx/CVE-2013-4674.json index 800c2145109..1bbaf6504f8 100644 --- a/2013/4xxx/CVE-2013-4674.json +++ b/2013/4xxx/CVE-2013-4674.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-4674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00" - }, - { - "name" : "61290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61290" - }, - { - "name" : "95581", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95581" - }, - { - "name" : "1028820", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028820" - }, - { - "name" : "54214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54214" - }, - { - "name" : "symantec-encryption-cve20134674-xss(85902)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61290" + }, + { + "name": "symantec-encryption-cve20134674-xss(85902)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85902" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00" + }, + { + "name": "54214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54214" + }, + { + "name": "95581", + "refsource": "OSVDB", + "url": "http://osvdb.org/95581" + }, + { + "name": "1028820", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028820" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5227.json b/2013/5xxx/CVE-2013-5227.json index 7d337a68d06..a355b6a0502 100644 --- a/2013/5xxx/CVE-2013-5227.json +++ b/2013/5xxx/CVE-2013-5227.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-5227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6162", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6162" - }, - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "APPLE-SA-2013-12-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-12/0087.html" - }, - { - "name" : "APPLE-SA-2013-12-16-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "64355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-12-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0087.html" + }, + { + "name": "64355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64355" + }, + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "http://support.apple.com/kb/HT6162", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6162" + }, + { + "name": "APPLE-SA-2013-12-16-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5313.json b/2013/5xxx/CVE-2013-5313.json index d4e4b096111..7bfa7a1413b 100644 --- a/2013/5xxx/CVE-2013-5313.json +++ b/2013/5xxx/CVE-2013-5313.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834", - "refsource" : "CONFIRM", - "url" : "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834", + "refsource": "CONFIRM", + "url": "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5334.json b/2013/5xxx/CVE-2013-5334.json index 2c1955a5fa3..2e725bf57ee 100644 --- a/2013/5xxx/CVE-2013-5334.json +++ b/2013/5xxx/CVE-2013-5334.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5333." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-5334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/shockwave/apsb13-29.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/shockwave/apsb13-29.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5333." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/shockwave/apsb13-29.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/shockwave/apsb13-29.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5425.json b/2013/5xxx/CVE-2013-5425.json index a18afcc6074..09772311b22 100644 --- a/2013/5xxx/CVE-2013-5425.json +++ b/2013/5xxx/CVE-2013-5425.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652405", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652405" - }, - { - "name" : "PM93828", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93828" - }, - { - "name" : "was-ve-cve20135425-xss(87487)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM93828", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93828" + }, + { + "name": "was-ve-cve20135425-xss(87487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87487" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21652405", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652405" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0207.json b/2017/0xxx/CVE-2017-0207.json index 53924301f6c..71ba9cbd092 100644 --- a/2017/0xxx/CVE-2017-0207.json +++ b/2017/0xxx/CVE-2017-0207.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outlook", - "version" : { - "version_data" : [ - { - "version_value" : "Outlook for Mac 2011" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka \"Microsoft Browser Spoofing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outlook", + "version": { + "version_data": [ + { + "version_value": "Outlook for Mac 2011" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0207", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0207" - }, - { - "name" : "97463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97463" - }, - { - "name" : "1038242", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka \"Microsoft Browser Spoofing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038242", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038242" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0207", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0207" + }, + { + "name": "97463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97463" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000207.json b/2017/1000xxx/CVE-2017-1000207.json index b12941fc1ca..6ef6bb69a68 100644 --- a/2017/1000xxx/CVE-2017-1000207.json +++ b/2017/1000xxx/CVE-2017-1000207.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.436081", - "ID" : "CVE-2017-1000207", - "REQUESTER" : "mmo@semmle.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Swagger Parser", - "version" : { - "version_data" : [ - { - "version_value" : "Swagger Parser <= 1.0.30 and Swagger codegen <= 2.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.436081", + "ID": "CVE-2017-1000207", + "REQUESTER": "mmo@semmle.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208", - "refsource" : "MISC", - "url" : "https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208" - }, - { - "name" : "https://github.com/swagger-api/swagger-parser/pull/481", - "refsource" : "CONFIRM", - "url" : "https://github.com/swagger-api/swagger-parser/pull/481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208", + "refsource": "MISC", + "url": "https://lgtm.com/blog/swagger_snakeyaml_CVE-2017-1000207_CVE-2017-1000208" + }, + { + "name": "https://github.com/swagger-api/swagger-parser/pull/481", + "refsource": "CONFIRM", + "url": "https://github.com/swagger-api/swagger-parser/pull/481" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12203.json b/2017/12xxx/CVE-2017-12203.json index 61a43d43ebb..89eb738e094 100644 --- a/2017/12xxx/CVE-2017-12203.json +++ b/2017/12xxx/CVE-2017-12203.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12203", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12203", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12293.json b/2017/12xxx/CVE-2017-12293.json index ffe745af834..cae8cb7a24c 100644 --- a/2017/12xxx/CVE-2017-12293.json +++ b/2017/12xxx/CVE-2017-12293.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx Meetings Server", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco WebEx Meetings Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this vulnerability by opening multiple connections to the server and exhausting server resources. A successful exploit could cause the server to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf41006." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx Meetings Server", + "version": { + "version_data": [ + { + "version_value": "Cisco WebEx Meetings Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms" - }, - { - "name" : "101492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101492" - }, - { - "name" : "1039618", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this vulnerability by opening multiple connections to the server and exhausting server resources. A successful exploit could cause the server to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf41006." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms" + }, + { + "name": "101492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101492" + }, + { + "name": "1039618", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039618" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12515.json b/2017/12xxx/CVE-2017-12515.json index 8e46cce23b6..6b2adc86e68 100644 --- a/2017/12xxx/CVE-2017-12515.json +++ b/2017/12xxx/CVE-2017-12515.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12815.json b/2017/12xxx/CVE-2017-12815.json index 5cd267e4fa9..7f56604bacd 100644 --- a/2017/12xxx/CVE-2017-12815.json +++ b/2017/12xxx/CVE-2017-12815.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using and/or tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180322 Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541885/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using and/or tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180322 Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541885/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16080.json b/2017/16xxx/CVE-2017-16080.json index 3e845f14a3c..5e6d4151060 100644 --- a/2017/16xxx/CVE-2017-16080.json +++ b/2017/16xxx/CVE-2017-16080.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nodesass node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedded Malicious Code (CWE-506)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nodesass node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/519", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedded Malicious Code (CWE-506)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/519", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/519" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16499.json b/2017/16xxx/CVE-2017-16499.json index 4a941a00a6f..24800af86b0 100644 --- a/2017/16xxx/CVE-2017-16499.json +++ b/2017/16xxx/CVE-2017-16499.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16499", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16499", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4002.json b/2017/4xxx/CVE-2017-4002.json index 61a1c6cff1a..a7f19694a09 100644 --- a/2017/4xxx/CVE-2017-4002.json +++ b/2017/4xxx/CVE-2017-4002.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4002", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4002", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4636.json b/2017/4xxx/CVE-2017-4636.json index 4999adb4a2f..d6c68d0768b 100644 --- a/2017/4xxx/CVE-2017-4636.json +++ b/2017/4xxx/CVE-2017-4636.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4636", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4636", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4693.json b/2017/4xxx/CVE-2017-4693.json index 7f6dd5c0669..ce9a8cb3dc8 100644 --- a/2017/4xxx/CVE-2017-4693.json +++ b/2017/4xxx/CVE-2017-4693.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4693", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4693", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4819.json b/2017/4xxx/CVE-2017-4819.json index 77329f5c767..8d152ea1d8e 100644 --- a/2017/4xxx/CVE-2017-4819.json +++ b/2017/4xxx/CVE-2017-4819.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4819", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4819", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5130.json b/2018/5xxx/CVE-2018-5130.json index 285a64991eb..354b9695f79 100644 --- a/2018/5xxx/CVE-2018-5130.json +++ b/2018/5xxx/CVE-2018-5130.json @@ -1,124 +1,124 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.7" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "59" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Mismatched RTP payload type can trigger memory corruption" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.7" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "59" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1433005", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1433005" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-06/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-06/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-07/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-07/" - }, - { - "name" : "DSA-4139", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4139" - }, - { - "name" : "GLSA-201810-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-01" - }, - { - "name" : "RHSA-2018:0526", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0526" - }, - { - "name" : "RHSA-2018:0527", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0527" - }, - { - "name" : "USN-3596-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3596-1/" - }, - { - "name" : "103388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103388" - }, - { - "name" : "1040514", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Mismatched RTP payload type can trigger memory corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4139", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4139" + }, + { + "name": "GLSA-201810-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-01" + }, + { + "name": "103388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103388" + }, + { + "name": "RHSA-2018:0527", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0527" + }, + { + "name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-07/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-07/" + }, + { + "name": "RHSA-2018:0526", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0526" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1433005", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1433005" + }, + { + "name": "1040514", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040514" + }, + { + "name": "USN-3596-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3596-1/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-06/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5225.json b/2018/5xxx/CVE-2018-5225.json index f0dffcfa515..cc5ff1f7a66 100644 --- a/2018/5xxx/CVE-2018-5225.json +++ b/2018/5xxx/CVE-2018-5225.json @@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-03-22T10:00:00", - "ID" : "CVE-2018-5225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Bitbucket Server", - "version" : { - "version_data" : [ - { - "version_affected" : ">=", - "version_value" : "4.13.0" - }, - { - "version_affected" : "<", - "version_value" : "5.4.8" - }, - { - "version_affected" : ">=", - "version_value" : "5.5.0" - }, - { - "version_affected" : "<", - "version_value" : "5.5.8" - }, - { - "version_affected" : ">=", - "version_value" : "5.6.0" - }, - { - "version_affected" : "<", - "version_value" : "5.6.5" - }, - { - "version_affected" : ">=", - "version_value" : "5.7.0" - }, - { - "version_affected" : "<", - "version_value" : "5.7.3" - }, - { - "version_affected" : ">=", - "version_value" : "5.8.0" - }, - { - "version_affected" : "<", - "version_value" : "5.8.2" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-03-22T10:00:00", + "ID": "CVE-2018-5225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitbucket Server", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "4.13.0" + }, + { + "version_affected": "<", + "version_value": "5.4.8" + }, + { + "version_affected": ">=", + "version_value": "5.5.0" + }, + { + "version_affected": "<", + "version_value": "5.5.8" + }, + { + "version_affected": ">=", + "version_value": "5.6.0" + }, + { + "version_affected": "<", + "version_value": "5.6.5" + }, + { + "version_affected": ">=", + "version_value": "5.7.0" + }, + { + "version_affected": "<", + "version_value": "5.7.3" + }, + { + "version_affected": ">=", + "version_value": "5.8.0" + }, + { + "version_affected": "<", + "version_value": "5.8.2" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/BSERV-10684", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/BSERV-10684" - }, - { - "name" : "https://confluence.atlassian.com/x/3WNsO", - "refsource" : "CONFIRM", - "url" : "https://confluence.atlassian.com/x/3WNsO" - }, - { - "name" : "103488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/BSERV-10684", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/BSERV-10684" + }, + { + "name": "103488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103488" + }, + { + "name": "https://confluence.atlassian.com/x/3WNsO", + "refsource": "CONFIRM", + "url": "https://confluence.atlassian.com/x/3WNsO" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5535.json b/2018/5xxx/CVE-2018-5535.json index a185b5fb794..aad5d572a0f 100644 --- a/2018/5xxx/CVE-2018-5535.json +++ b/2018/5xxx/CVE-2018-5535.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2018-07-18T00:00:00", - "ID" : "CVE-2018-5535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", - "version" : { - "version_data" : [ - { - "version_value" : "14.0.0" - }, - { - "version_value" : "13.0.0-13.1.0" - }, - { - "version_value" : "12.1.0-12.1.3" - }, - { - "version_value" : "11.5.1-11.6.3" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2018-07-18T00:00:00", + "ID": "CVE-2018-5535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", + "version": { + "version_data": [ + { + "version_value": "14.0.0" + }, + { + "version_value": "13.0.0-13.1.0" + }, + { + "version_value": "12.1.0-12.1.3" + }, + { + "version_value": "11.5.1-11.6.3" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K19634255", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K19634255" - }, - { - "name" : "1041344", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K19634255", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K19634255" + }, + { + "name": "1041344", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041344" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5596.json b/2018/5xxx/CVE-2018-5596.json index d2f72e9dad5..2f244f06b60 100644 --- a/2018/5xxx/CVE-2018-5596.json +++ b/2018/5xxx/CVE-2018-5596.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5596", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5596", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5732.json b/2018/5xxx/CVE-2018-5732.json index 634ff3b6794..7e65e2ffcce 100644 --- a/2018/5xxx/CVE-2018-5732.json +++ b/2018/5xxx/CVE-2018-5732.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5732", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5732", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file