From 19635091c6b45be2df6cf084071f0351c36af1b3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:41:22 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/1xxx/CVE-2001-1094.json | 140 +++++++------- 2001/1xxx/CVE-2001-1279.json | 190 +++++++++--------- 2001/1xxx/CVE-2001-1335.json | 140 +++++++------- 2001/1xxx/CVE-2001-1475.json | 130 ++++++------- 2006/2xxx/CVE-2006-2207.json | 34 ++-- 2006/2xxx/CVE-2006-2215.json | 34 ++-- 2006/2xxx/CVE-2006-2326.json | 160 +++++++-------- 2006/2xxx/CVE-2006-2522.json | 170 ++++++++-------- 2006/2xxx/CVE-2006-2750.json | 200 +++++++++---------- 2006/6xxx/CVE-2006-6135.json | 180 ++++++++--------- 2008/5xxx/CVE-2008-5476.json | 34 ++-- 2008/5xxx/CVE-2008-5904.json | 150 +++++++-------- 2011/2xxx/CVE-2011-2496.json | 160 +++++++-------- 2011/2xxx/CVE-2011-2577.json | 190 +++++++++--------- 2011/2xxx/CVE-2011-2811.json | 170 ++++++++-------- 2011/3xxx/CVE-2011-3553.json | 290 ++++++++++++++-------------- 2011/3xxx/CVE-2011-3620.json | 160 +++++++-------- 2011/3xxx/CVE-2011-3651.json | 250 ++++++++++++------------ 2011/3xxx/CVE-2011-3668.json | 140 +++++++------- 2011/3xxx/CVE-2011-3967.json | 140 +++++++------- 2011/4xxx/CVE-2011-4244.json | 120 ++++++------ 2013/0xxx/CVE-2013-0010.json | 140 +++++++------- 2013/0xxx/CVE-2013-0040.json | 34 ++-- 2013/0xxx/CVE-2013-0135.json | 150 +++++++-------- 2013/0xxx/CVE-2013-0165.json | 34 ++-- 2013/0xxx/CVE-2013-0321.json | 150 +++++++-------- 2013/1xxx/CVE-2013-1286.json | 140 +++++++------- 2013/1xxx/CVE-2013-1596.json | 34 ++-- 2013/1xxx/CVE-2013-1756.json | 160 +++++++-------- 2013/5xxx/CVE-2013-5607.json | 270 +++++++++++++------------- 2013/5xxx/CVE-2013-5889.json | 300 ++++++++++++++--------------- 2014/2xxx/CVE-2014-2452.json | 140 +++++++------- 2014/2xxx/CVE-2014-2577.json | 170 ++++++++-------- 2017/0xxx/CVE-2017-0245.json | 140 +++++++------- 2017/0xxx/CVE-2017-0421.json | 170 ++++++++-------- 2017/0xxx/CVE-2017-0715.json | 156 +++++++-------- 2017/1000xxx/CVE-2017-1000252.json | 240 +++++++++++------------ 2017/12xxx/CVE-2017-12024.json | 34 ++-- 2017/12xxx/CVE-2017-12406.json | 34 ++-- 2017/12xxx/CVE-2017-12413.json | 120 ++++++------ 2017/12xxx/CVE-2017-12584.json | 120 ++++++------ 2017/12xxx/CVE-2017-12957.json | 120 ++++++------ 2017/12xxx/CVE-2017-12968.json | 34 ++-- 2017/16xxx/CVE-2017-16226.json | 142 +++++++------- 2017/16xxx/CVE-2017-16264.json | 34 ++-- 2017/16xxx/CVE-2017-16599.json | 120 ++++++------ 2017/16xxx/CVE-2017-16678.json | 142 +++++++------- 2017/16xxx/CVE-2017-16688.json | 34 ++-- 2017/4xxx/CVE-2017-4045.json | 34 ++-- 2017/4xxx/CVE-2017-4443.json | 34 ++-- 2017/4xxx/CVE-2017-4977.json | 140 +++++++------- 2017/4xxx/CVE-2017-4991.json | 120 ++++++------ 2018/5xxx/CVE-2018-5135.json | 162 ++++++++-------- 2018/5xxx/CVE-2018-5417.json | 34 ++-- 2018/5xxx/CVE-2018-5444.json | 34 ++-- 55 files changed, 3551 insertions(+), 3551 deletions(-) diff --git a/2001/1xxx/CVE-2001-1094.json b/2001/1xxx/CVE-2001-1094.json index 5fc27f372e4..8081a28d78d 100644 --- a/2001/1xxx/CVE-2001-1094.json +++ b/2001/1xxx/CVE-2001-1094.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010911 NetOP School Admin Vulnerability for Windows 2000 Terminal Services and NT4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/213516" - }, - { - "name" : "3321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3321" - }, - { - "name" : "netop-school-bypass-authentication(7120)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netop-school-bypass-authentication(7120)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7120" + }, + { + "name": "3321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3321" + }, + { + "name": "20010911 NetOP School Admin Vulnerability for Windows 2000 Terminal Services and NT4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/213516" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1279.json b/2001/1xxx/CVE-2001-1279.json index 7986efaa95f..bc7e63d2820 100644 --- a/2001/1xxx/CVE-2001-1279.json +++ b/2001/1xxx/CVE-2001-1279.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2001:089", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-089.html" - }, - { - "name" : "FreeBSD-SA-01:48", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc" - }, - { - "name" : "CLA-2002:480", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480" - }, - { - "name" : "MDKSA-2002:032", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-032.php" - }, - { - "name" : "CSSA-2002-025.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt" - }, - { - "name" : "tcpdump-afs-rpc-bo(7006)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7006.php" - }, - { - "name" : "3065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3065" - }, - { - "name" : "VU#797201", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/797201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2002:032", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-032.php" + }, + { + "name": "VU#797201", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/797201" + }, + { + "name": "CSSA-2002-025.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt" + }, + { + "name": "RHSA-2001:089", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-089.html" + }, + { + "name": "tcpdump-afs-rpc-bo(7006)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7006.php" + }, + { + "name": "3065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3065" + }, + { + "name": "CLA-2002:480", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480" + }, + { + "name": "FreeBSD-SA-01:48", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1335.json b/2001/1xxx/CVE-2001-1335.json index e6b29f872b0..f1053e7ae06 100644 --- a/2001/1xxx/CVE-2001-1335.json +++ b/2001/1xxx/CVE-2001-1335.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010527 CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html" - }, - { - "name" : "cesarftp-directory-traversal(6606)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6606.php" - }, - { - "name" : "2786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2786" + }, + { + "name": "cesarftp-directory-traversal(6606)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6606.php" + }, + { + "name": "20010527 CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1475.json b/2001/1xxx/CVE-2001-1475.json index 851f7d209d4..260fad10dad 100644 --- a/2001/1xxx/CVE-2001-1475.json +++ b/2001/1xxx/CVE-2001-1475.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#665372", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/665372" - }, - { - "name" : "ssh-rc4-replay-conversation(6490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ssh-rc4-replay-conversation(6490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6490" + }, + { + "name": "VU#665372", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/665372" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2207.json b/2006/2xxx/CVE-2006-2207.json index 4e8945094c8..45100914c0a 100644 --- a/2006/2xxx/CVE-2006-2207.json +++ b/2006/2xxx/CVE-2006-2207.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2207", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2207", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2215.json b/2006/2xxx/CVE-2006-2215.json index 1ad83724cb5..2c2999d89ee 100644 --- a/2006/2xxx/CVE-2006-2215.json +++ b/2006/2xxx/CVE-2006-2215.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2215", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2181. Reason: This candidate is a duplicate of CVE-2006-2181. Notes: All CVE users should reference CVE-2006-2181 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-2215", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2181. Reason: This candidate is a duplicate of CVE-2006-2181. Notes: All CVE users should reference CVE-2006-2181 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2326.json b/2006/2xxx/CVE-2006-2326.json index f1ccf34a326..2c41ae4aad7 100644 --- a/2006/2xxx/CVE-2006-2326.json +++ b/2006/2xxx/CVE-2006-2326.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to read arbitrary files via directory traversal sequences in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17889", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17889" - }, - { - "name" : "ADV-2006-1704", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1704" - }, - { - "name" : "25451", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25451" - }, - { - "name" : "20005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20005" - }, - { - "name" : "oups-index-directory-traversal(26341)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to read arbitrary files via directory traversal sequences in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17889" + }, + { + "name": "ADV-2006-1704", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1704" + }, + { + "name": "20005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20005" + }, + { + "name": "25451", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25451" + }, + { + "name": "oups-index-directory-traversal(26341)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26341" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2522.json b/2006/2xxx/CVE-2006-2522.json index d20c72c6f11..61665935391 100644 --- a/2006/2xxx/CVE-2006-2522.json +++ b/2006/2xxx/CVE-2006-2522.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://colander.altervista.org/advisory/DayfoxBlog.txt", - "refsource" : "MISC", - "url" : "http://colander.altervista.org/advisory/DayfoxBlog.txt" - }, - { - "name" : "ADV-2006-1904", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1904" - }, - { - "name" : "25689", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25689" - }, - { - "name" : "1016163", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016163" - }, - { - "name" : "20216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20216" - }, - { - "name" : "dayfoxblog-slogusers-information-disclosure(26623)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25689", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25689" + }, + { + "name": "1016163", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016163" + }, + { + "name": "ADV-2006-1904", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1904" + }, + { + "name": "dayfoxblog-slogusers-information-disclosure(26623)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26623" + }, + { + "name": "http://colander.altervista.org/advisory/DayfoxBlog.txt", + "refsource": "MISC", + "url": "http://colander.altervista.org/advisory/DayfoxBlog.txt" + }, + { + "name": "20216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20216" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2750.json b/2006/2xxx/CVE-2006-2750.json index 3646e938699..34e1deda384 100644 --- a/2006/2xxx/CVE-2006-2750.json +++ b/2006/2xxx/CVE-2006-2750.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435380/100/0/threaded" - }, - { - "name" : "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631", - "refsource" : "MISC", - "url" : "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631" - }, - { - "name" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt", - "refsource" : "MISC", - "url" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=576483", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=576483" - }, - { - "name" : "18169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18169" - }, - { - "name" : "1016178", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016178" - }, - { - "name" : "20341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20341" - }, - { - "name" : "1014", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1014" - }, - { - "name" : "osic-core-xss(26966)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=576483", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=576483" + }, + { + "name": "20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435380/100/0/threaded" + }, + { + "name": "20341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20341" + }, + { + "name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt", + "refsource": "MISC", + "url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt" + }, + { + "name": "osic-core-xss(26966)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26966" + }, + { + "name": "1016178", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016178" + }, + { + "name": "1014", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1014" + }, + { + "name": "18169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18169" + }, + { + "name": "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631", + "refsource": "MISC", + "url": "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6135.json b/2006/6xxx/CVE-2006-6135.json index 0ab4c408bda..a14eabe7c76 100644 --- a/2006/6xxx/CVE-2006-6135.json +++ b/2006/6xxx/CVE-2006-6135.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a \"Potential security vulnerability\" (PK29725) and (2) \"Potential security exposure\" (PK30831)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830" - }, - { - "name" : "PK29725", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK29725&apar=only" - }, - { - "name" : "PK30831", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK30831&apar=only" - }, - { - "name" : "21204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21204" - }, - { - "name" : "ADV-2006-4639", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4639" - }, - { - "name" : "23028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a \"Potential security vulnerability\" (PK29725) and (2) \"Potential security exposure\" (PK30831)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951" + }, + { + "name": "PK30831", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK30831&apar=only" + }, + { + "name": "23028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23028" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830" + }, + { + "name": "PK29725", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK29725&apar=only" + }, + { + "name": "21204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21204" + }, + { + "name": "ADV-2006-4639", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4639" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5476.json b/2008/5xxx/CVE-2008-5476.json index de0fee85d72..ab9e1b41649 100644 --- a/2008/5xxx/CVE-2008-5476.json +++ b/2008/5xxx/CVE-2008-5476.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5476", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-5476", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5904.json b/2008/5xxx/CVE-2008-5904.json index 308de7d3a12..bf8e3c0e3e3 100644 --- a/2008/5xxx/CVE-2008-5904.json +++ b/2008/5xxx/CVE-2008-5904.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090112 CVE request: xrdp", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/01/12/3" - }, - { - "name" : "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf" - }, - { - "name" : "SUSE-SR:2009:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" - }, - { - "name" : "xrdp-rdprdpprocesscolorpointerpdu-bo(48094)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2009:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" + }, + { + "name": "[oss-security] 20090112 CVE request: xrdp", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/01/12/3" + }, + { + "name": "xrdp-rdprdpprocesscolorpointerpdu-bo(48094)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48094" + }, + { + "name": "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2496.json b/2011/2xxx/CVE-2011-2496.json index 48c8bd87192..0f7e0ad5939 100644 --- a/2011/2xxx/CVE-2011-2496.json +++ b/2011/2xxx/CVE-2011-2496.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/2" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=716538", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=716538" - }, - { - "name" : "https://github.com/torvalds/linux/commit/982134ba62618c2d69fbbbd166d0a11ee3b7e3d8", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/982134ba62618c2d69fbbbd166d0a11ee3b7e3d8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=716538", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=716538" + }, + { + "name": "https://github.com/torvalds/linux/commit/982134ba62618c2d69fbbbd166d0a11ee3b7e3d8", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/982134ba62618c2d69fbbbd166d0a11ee3b7e3d8" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=982134ba62618c2d69fbbbd166d0a11ee3b7e3d8" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2577.json b/2011/2xxx/CVE-2011-2577.json index b9c55ddbffb..7799bb942b1 100644 --- a/2011/2xxx/CVE-2011-2577.json +++ b/2011/2xxx/CVE-2011-2577.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519698/100/0/threaded" - }, - { - "name" : "17871", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17871" - }, - { - "name" : "20110831 Denial of Service Vulnerability in Cisco TelePresence Codecs", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml" - }, - { - "name" : "49392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49392" - }, - { - "name" : "1025994", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025994" - }, - { - "name" : "8387", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8387" - }, - { - "name" : "8389", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8389" - }, - { - "name" : "cisco-telepresence-codecs-sip-dos(69513)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025994", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025994" + }, + { + "name": "8389", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8389" + }, + { + "name": "8387", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8387" + }, + { + "name": "49392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49392" + }, + { + "name": "cisco-telepresence-codecs-sip-dos(69513)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69513" + }, + { + "name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded" + }, + { + "name": "17871", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17871" + }, + { + "name": "20110831 Denial of Service Vulnerability in Cisco TelePresence Codecs", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b91395.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2811.json b/2011/2xxx/CVE-2011-2811.json index 91ccf547630..c371a63723c 100644 --- a/2011/2xxx/CVE-2011-2811.json +++ b/2011/2xxx/CVE-2011-2811.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "50066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50066" - }, - { - "name" : "oval:org.mitre.oval:def:17051", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:17051", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17051" + }, + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "50066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50066" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3553.json b/2011/3xxx/CVE-2011-3553.json index 10a0b7f4413..00f230e4e04 100644 --- a/2011/3xxx/CVE-2011-3553.json +++ b/2011/3xxx/CVE-2011-3553.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02730", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "SSRT100710", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:1384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1384.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "SUSE-SU-2012:0114", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" - }, - { - "name" : "USN-1263-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1263-1" - }, - { - "name" : "50246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50246" - }, - { - "name" : "76512", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76512" - }, - { - "name" : "oval:org.mitre.oval:def:14311", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14311" - }, - { - "name" : "1026215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026215" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - }, - { - "name" : "oracle-jre-jaxws-info-disc(70840)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "50246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50246" + }, + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "HPSBUX02730", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "SUSE-SU-2012:0114", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SSRT100710", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "RHSA-2011:1384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html" + }, + { + "name": "oval:org.mitre.oval:def:14311", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14311" + }, + { + "name": "oracle-jre-jaxws-info-disc(70840)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70840" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "1026215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026215" + }, + { + "name": "USN-1263-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1263-1" + }, + { + "name": "76512", + "refsource": "OSVDB", + "url": "http://osvdb.org/76512" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3620.json b/2011/3xxx/CVE-2011-3620.json index 5a35c2fa119..d167b33914d 100644 --- a/2011/3xxx/CVE-2011-3620.json +++ b/2011/3xxx/CVE-2011-3620.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=747078", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747078" - }, - { - "name" : "https://issues.apache.org/jira/browse/QPID-3652", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/QPID-3652" - }, - { - "name" : "https://reviews.apache.org/r/2988/", - "refsource" : "CONFIRM", - "url" : "https://reviews.apache.org/r/2988/" - }, - { - "name" : "1026990", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026990" - }, - { - "name" : "49000", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49000", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49000" + }, + { + "name": "https://issues.apache.org/jira/browse/QPID-3652", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/QPID-3652" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=747078", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747078" + }, + { + "name": "https://reviews.apache.org/r/2988/", + "refsource": "CONFIRM", + "url": "https://reviews.apache.org/r/2988/" + }, + { + "name": "1026990", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026990" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3651.json b/2011/3xxx/CVE-2011-3651.json index 9ce1d76acdf..6cc18e221f4 100644 --- a/2011/3xxx/CVE-2011-3651.json +++ b/2011/3xxx/CVE-2011-3651.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=646968", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=646968" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=652054", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=652054" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665070", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665070" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=671160", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=671160" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=672892", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=672892" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=675515", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=675515" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=676918", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=676918" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=677847", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=677847" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=679593", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=679593" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=686044", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=686044" - }, - { - "name" : "SUSE-SU-2011:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html" - }, - { - "name" : "oval:org.mitre.oval:def:14364", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14364" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=677847", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=677847" + }, + { + "name": "oval:org.mitre.oval:def:14364", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14364" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=686044", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=686044" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=665070", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665070" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=671160", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=671160" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=679593", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=679593" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=675515", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=675515" + }, + { + "name": "SUSE-SU-2011:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=672892", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=672892" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=646968", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=646968" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=676918", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=676918" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=652054", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=652054" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3668.json b/2011/3xxx/CVE-2011-3668.json index e3afdebe930..44e2765b5dd 100644 --- a/2011/3xxx/CVE-2011-3668.json +++ b/2011/3xxx/CVE-2011-3668.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.4.12/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.4.12/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=703975", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=703975" - }, - { - "name" : "47368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47368" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47368" + }, + { + "name": "http://www.bugzilla.org/security/3.4.12/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.4.12/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=703975", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=703975" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3967.json b/2011/3xxx/CVE-2011-3967.json index b8ccc709b13..407304824ed 100644 --- a/2011/3xxx/CVE-2011-3967.json +++ b/2011/3xxx/CVE-2011-3967.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=109717", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=109717" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14010", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=109717", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=109717" + }, + { + "name": "oval:org.mitre.oval:def:14010", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14010" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4244.json b/2011/4xxx/CVE-2011-4244.json index 06af7510e51..935cc47c5c9 100644 --- a/2011/4xxx/CVE-2011-4244.json +++ b/2011/4xxx/CVE-2011-4244.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/11182011_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/11182011_player/en/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.real.com/realplayer/security/11182011_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/11182011_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0010.json b/2013/0xxx/CVE-2013-0010.json index ca9f95b6479..aad2de7116f 100644 --- a/2013/0xxx/CVE-2013-0010.json +++ b/2013/0xxx/CVE-2013-0010.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka \"System Center Operations Manager Web Console XSS Vulnerability,\" a different vulnerability than CVE-2013-0009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-003", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-003" - }, - { - "name" : "TA13-008A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-008A.html" - }, - { - "name" : "oval:org.mitre.oval:def:16232", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka \"System Center Operations Manager Web Console XSS Vulnerability,\" a different vulnerability than CVE-2013-0009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-008A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html" + }, + { + "name": "oval:org.mitre.oval:def:16232", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16232" + }, + { + "name": "MS13-003", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-003" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0040.json b/2013/0xxx/CVE-2013-0040.json index d698e41131f..b27842ecede 100644 --- a/2013/0xxx/CVE-2013-0040.json +++ b/2013/0xxx/CVE-2013-0040.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0040", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0040", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0135.json b/2013/0xxx/CVE-2013-0135.json index 7cba8ec48b2..66de71700e7 100644 --- a/2013/0xxx/CVE-2013-0135.json +++ b/2013/0xxx/CVE-2013-0135.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-0135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html", - "refsource" : "MISC", - "url" : "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html" - }, - { - "name" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "VU#183692", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/183692" - }, - { - "name" : "phpaddressbook-checklogin-auth-bypass(99623)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#183692", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/183692" + }, + { + "name": "phpaddressbook-checklogin-auth-bypass(99623)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623" + }, + { + "name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html", + "refsource": "MISC", + "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html" + }, + { + "name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0165.json b/2013/0xxx/CVE-2013-0165.json index 0b522e0c3e8..091a5e7b83b 100644 --- a/2013/0xxx/CVE-2013-0165.json +++ b/2013/0xxx/CVE-2013-0165.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0165", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0165", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0321.json b/2013/0xxx/CVE-2013-0321.json index 4012b37e40e..1105189326d 100644 --- a/2013/0xxx/CVE-2013-0321.json +++ b/2013/0xxx/CVE-2013-0321.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/21/5" - }, - { - "name" : "http://drupal.org/node/1922416", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1922416" - }, - { - "name" : "http://drupal.org/node/1922128", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1922128" - }, - { - "name" : "http://drupalcode.org/project/uc_views.git/commitdiff/157d5d3", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/uc_views.git/commitdiff/157d5d3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5" + }, + { + "name": "http://drupalcode.org/project/uc_views.git/commitdiff/157d5d3", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/uc_views.git/commitdiff/157d5d3" + }, + { + "name": "http://drupal.org/node/1922128", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1922128" + }, + { + "name": "http://drupal.org/node/1922416", + "refsource": "MISC", + "url": "http://drupal.org/node/1922416" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1286.json b/2013/1xxx/CVE-2013-1286.json index 24e3ab68fb5..96423b602b6 100644 --- a/2013/1xxx/CVE-2013-1286.json +++ b/2013/1xxx/CVE-2013-1286.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka \"Windows USB Descriptor Vulnerability,\" a different vulnerability than CVE-2013-1285 and CVE-2013-1287." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-027", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-027" - }, - { - "name" : "TA13-071A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A" - }, - { - "name" : "oval:org.mitre.oval:def:16591", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka \"Windows USB Descriptor Vulnerability,\" a different vulnerability than CVE-2013-1285 and CVE-2013-1287." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-027", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-027" + }, + { + "name": "oval:org.mitre.oval:def:16591", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16591" + }, + { + "name": "TA13-071A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1596.json b/2013/1xxx/CVE-2013-1596.json index 301f41d03f8..4732ce5c5c1 100644 --- a/2013/1xxx/CVE-2013-1596.json +++ b/2013/1xxx/CVE-2013-1596.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1596", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1596", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1756.json b/2013/1xxx/CVE-2013-1756.json index 6c4be9ed069..6f20e0728da 100644 --- a/2013/1xxx/CVE-2013-1756.json +++ b/2013/1xxx/CVE-2013-1756.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277", - "refsource" : "CONFIRM", - "url" : "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277" - }, - { - "name" : "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo" - }, - { - "name" : "58225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58225" - }, - { - "name" : "52380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52380" - }, - { - "name" : "dragonfly-ruby-code-exec(82476)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dragonfly-ruby-code-exec(82476)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82476" + }, + { + "name": "58225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58225" + }, + { + "name": "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277", + "refsource": "CONFIRM", + "url": "https://github.com/markevans/dragonfly/commit/a8775aacf9e5c81cf11bec34b7afa7f27ddfe277" + }, + { + "name": "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo" + }, + { + "name": "52380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52380" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5607.json b/2013/5xxx/CVE-2013-5607.json index 07dc1cb9e4d..ffd988d63a5 100644 --- a/2013/5xxx/CVE-2013-5607.json +++ b/2013/5xxx/CVE-2013-5607.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-5607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev-tech-nspr] 20131113 [ANNOUNCE] NSPR 4.10.2 Release", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ" - }, - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=927687", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=927687" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" - }, - { - "name" : "DSA-2820", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2820" - }, - { - "name" : "GLSA-201406-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-19.xml" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2013:1791", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1791.html" - }, - { - "name" : "RHSA-2013:1829", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1829.html" - }, - { - "name" : "SUSE-SU-2013:1807", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html" - }, - { - "name" : "openSUSE-SU-2013:1732", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html" - }, - { - "name" : "USN-2031-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2031-1" - }, - { - "name" : "USN-2032-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2032-1" - }, - { - "name" : "USN-2087-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2087-1" - }, - { - "name" : "63802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "DSA-2820", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2820" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "USN-2087-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2087-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=927687", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=927687" + }, + { + "name": "GLSA-201406-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-19.xml" + }, + { + "name": "USN-2031-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2031-1" + }, + { + "name": "USN-2032-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2032-1" + }, + { + "name": "RHSA-2013:1791", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html" + }, + { + "name": "[dev-tech-nspr] 20131113 [ANNOUNCE] NSPR 4.10.2 Release", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/_8AcygMEjSA/mm_cqQzLPFQJ" + }, + { + "name": "SUSE-SU-2013:1807", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html" + }, + { + "name": "openSUSE-SU-2013:1732", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html" + }, + { + "name": "63802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63802" + }, + { + "name": "RHSA-2013:1829", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5889.json b/2013/5xxx/CVE-2013-5889.json index e6a05bd7b9c..19d0740fc88 100644 --- a/2013/5xxx/CVE-2013-5889.json +++ b/2013/5xxx/CVE-2013-5889.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" - }, - { - "name" : "HPSBUX02972", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "HPSBUX02973", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "SSRT101454", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "SSRT101455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "RHSA-2014:0030", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" - }, - { - "name" : "RHSA-2014:0134", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" - }, - { - "name" : "RHSA-2014:0135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2014:0246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" - }, - { - "name" : "SUSE-SU-2014:0266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" - }, - { - "name" : "SUSE-SU-2014:0451", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64931" - }, - { - "name" : "102020", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102020" - }, - { - "name" : "1029608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029608" - }, - { - "name" : "56485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56485" - }, - { - "name" : "56535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "SSRT101455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "RHSA-2014:0135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html" + }, + { + "name": "56535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56535" + }, + { + "name": "RHSA-2014:0030", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html" + }, + { + "name": "56485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56485" + }, + { + "name": "SSRT101454", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" + }, + { + "name": "HPSBUX02972", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "SUSE-SU-2014:0451", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" + }, + { + "name": "HPSBUX02973", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "1029608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029608" + }, + { + "name": "102020", + "refsource": "OSVDB", + "url": "http://osvdb.org/102020" + }, + { + "name": "SUSE-SU-2014:0266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "SUSE-SU-2014:0246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" + }, + { + "name": "64931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64931" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "RHSA-2014:0134", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2452.json b/2014/2xxx/CVE-2014-2452.json index 05400ac6cbc..63b8b657e9a 100644 --- a/2014/2xxx/CVE-2014-2452.json +++ b/2014/2xxx/CVE-2014-2452.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "66865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66865" + }, + { + "name": "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2577.json b/2014/2xxx/CVE-2014-2577.json index 27240d076ec..e9ba637d2b9 100644 --- a/2014/2xxx/CVE-2014-2577.json +++ b/2014/2xxx/CVE-2014-2577.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140603 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532286/100/0/threaded" - }, - { - "name" : "20140604 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/15" - }, - { - "name" : "http://packetstormsecurity.com/files/126907/Transform-Foundation-Server-4.3.1-5.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126907/Transform-Foundation-Server-4.3.1-5.2-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.pdf-archive.com/2014/06/03/tf431patch8releasenotes/preview/page/9", - "refsource" : "CONFIRM", - "url" : "http://www.pdf-archive.com/2014/06/03/tf431patch8releasenotes/preview/page/9" - }, - { - "name" : "http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14", - "refsource" : "CONFIRM", - "url" : "http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14" - }, - { - "name" : "67810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140604 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/15" + }, + { + "name": "http://www.pdf-archive.com/2014/06/03/tf431patch8releasenotes/preview/page/9", + "refsource": "CONFIRM", + "url": "http://www.pdf-archive.com/2014/06/03/tf431patch8releasenotes/preview/page/9" + }, + { + "name": "20140603 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532286/100/0/threaded" + }, + { + "name": "http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14", + "refsource": "CONFIRM", + "url": "http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14" + }, + { + "name": "67810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67810" + }, + { + "name": "http://packetstormsecurity.com/files/126907/Transform-Foundation-Server-4.3.1-5.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126907/Transform-Foundation-Server-4.3.1-5.2-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0245.json b/2017/0xxx/CVE-2017-0245.json index 9221559ca8c..30dfea7f807 100644 --- a/2017/0xxx/CVE-2017-0245.json +++ b/2017/0xxx/CVE-2017-0245.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka \"Win32k Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42008", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42008/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245" - }, - { - "name" : "98115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka \"Win32k Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42008", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42008/" + }, + { + "name": "98115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98115" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0421.json b/2017/0xxx/CVE-2017-0421.json index c4d15d61dc6..73cbc2d51ed 100644 --- a/2017/0xxx/CVE-2017-0421.json +++ b/2017/0xxx/CVE-2017-0421.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96096" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96096" + }, + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0715.json b/2017/0xxx/CVE-2017-0715.json index 877d1fa7f3e..5c9e93b62e8 100644 --- a/2017/0xxx/CVE-2017-0715.json +++ b/2017/0xxx/CVE-2017-0715.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-08-07T00:00:00", - "ID" : "CVE-2017-0715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-08-07T00:00:00", + "ID": "CVE-2017-0715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-08-01" - }, - { - "name" : "100204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100204" + }, + { + "name": "https://source.android.com/security/bulletin/2017-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-08-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000252.json b/2017/1000xxx/CVE-2017-1000252.json index 2527dd67e28..e9a6ce611ac 100644 --- a/2017/1000xxx/CVE-2017-1000252.json +++ b/2017/1000xxx/CVE-2017-1000252.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux kernel", - "version" : { - "version_data" : [ - { - "version_value" : "4.13.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Linux" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36ae3c0a36b7456432fedce38ae2f7bd3e01a563", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36ae3c0a36b7456432fedce38ae2f7bd3e01a563" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb" - }, - { - "name" : "http://www.openwall.com/lists/oss-security/2017/09/15/4", - "refsource" : "CONFIRM", - "url" : "http://www.openwall.com/lists/oss-security/2017/09/15/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1490781", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1490781" - }, - { - "name" : "https://github.com/torvalds/linux/commit/36ae3c0a36b7456432fedce38ae2f7bd3e01a563", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/36ae3c0a36b7456432fedce38ae2f7bd3e01a563" - }, - { - "name" : "https://github.com/torvalds/linux/commit/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb" - }, - { - "name" : "https://marc.info/?l=kvm&m=150549145711115&w=2", - "refsource" : "CONFIRM", - "url" : "https://marc.info/?l=kvm&m=150549145711115&w=2" - }, - { - "name" : "https://marc.info/?l=kvm&m=150549146311117&w=2", - "refsource" : "CONFIRM", - "url" : "https://marc.info/?l=kvm&m=150549146311117&w=2" - }, - { - "name" : "DSA-3981", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3981" - }, - { - "name" : "RHSA-2018:0676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0676" - }, - { - "name" : "RHSA-2018:1062", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1062" - }, - { - "name" : "RHSA-2018:1130", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1130" - }, - { - "name" : "101022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101022" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36ae3c0a36b7456432fedce38ae2f7bd3e01a563", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36ae3c0a36b7456432fedce38ae2f7bd3e01a563" + }, + { + "name": "https://github.com/torvalds/linux/commit/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb" + }, + { + "name": "RHSA-2018:1062", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1062" + }, + { + "name": "DSA-3981", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3981" + }, + { + "name": "https://marc.info/?l=kvm&m=150549146311117&w=2", + "refsource": "CONFIRM", + "url": "https://marc.info/?l=kvm&m=150549146311117&w=2" + }, + { + "name": "RHSA-2018:0676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0676" + }, + { + "name": "https://github.com/torvalds/linux/commit/36ae3c0a36b7456432fedce38ae2f7bd3e01a563", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/36ae3c0a36b7456432fedce38ae2f7bd3e01a563" + }, + { + "name": "https://marc.info/?l=kvm&m=150549145711115&w=2", + "refsource": "CONFIRM", + "url": "https://marc.info/?l=kvm&m=150549145711115&w=2" + }, + { + "name": "RHSA-2018:1130", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1130" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2017/09/15/4", + "refsource": "CONFIRM", + "url": "http://www.openwall.com/lists/oss-security/2017/09/15/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1490781", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490781" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12024.json b/2017/12xxx/CVE-2017-12024.json index 67206d5413e..deb6627a1c6 100644 --- a/2017/12xxx/CVE-2017-12024.json +++ b/2017/12xxx/CVE-2017-12024.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12024", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12024", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12406.json b/2017/12xxx/CVE-2017-12406.json index 79181c2a13b..93019278ff3 100644 --- a/2017/12xxx/CVE-2017-12406.json +++ b/2017/12xxx/CVE-2017-12406.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12406", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12406", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12413.json b/2017/12xxx/CVE-2017-12413.json index 870665ab0fc..b67b22bfdd7 100644 --- a/2017/12xxx/CVE-2017-12413.json +++ b/2017/12xxx/CVE-2017-12413.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/143657/Axis-2100-Network-Camera-2.43-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/143657/Axis-2100-Network-Camera-2.43-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/143657/Axis-2100-Network-Camera-2.43-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/143657/Axis-2100-Network-Camera-2.43-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12584.json b/2017/12xxx/CVE-2017-12584.json index 984f695b086..ae1ddac20d0 100644 --- a/2017/12xxx/CVE-2017-12584.json +++ b/2017/12xxx/CVE-2017-12584.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/slims/slims8_akasia/issues/49", - "refsource" : "CONFIRM", - "url" : "https://github.com/slims/slims8_akasia/issues/49" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/slims/slims8_akasia/issues/49", + "refsource": "CONFIRM", + "url": "https://github.com/slims/slims8_akasia/issues/49" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12957.json b/2017/12xxx/CVE-2017-12957.json index 2d81f5c88e0..5cb1aea1eba 100644 --- a/2017/12xxx/CVE-2017-12957.json +++ b/2017/12xxx/CVE-2017-12957.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482423", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1482423", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482423" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12968.json b/2017/12xxx/CVE-2017-12968.json index 46c8a6dc7d7..d0a0656c8fb 100644 --- a/2017/12xxx/CVE-2017-12968.json +++ b/2017/12xxx/CVE-2017-12968.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12968", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12968", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16226.json b/2017/16xxx/CVE-2017-16226.json index 2a71f8ee91b..843794b8ba6 100644 --- a/2017/16xxx/CVE-2017-16226.json +++ b/2017/16xxx/CVE-2017-16226.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "static-eval node module node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=1.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation (CWE-20)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "static-eval node module node module", + "version": { + "version_data": [ + { + "version_value": "<=1.1.1" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/substack/static-eval/pull/18", - "refsource" : "MISC", - "url" : "https://github.com/substack/static-eval/pull/18" - }, - { - "name" : "https://maustin.net/articles/2017-10/static_eval", - "refsource" : "MISC", - "url" : "https://maustin.net/articles/2017-10/static_eval" - }, - { - "name" : "https://nodesecurity.io/advisories/548", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/548", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/548" + }, + { + "name": "https://maustin.net/articles/2017-10/static_eval", + "refsource": "MISC", + "url": "https://maustin.net/articles/2017-10/static_eval" + }, + { + "name": "https://github.com/substack/static-eval/pull/18", + "refsource": "MISC", + "url": "https://github.com/substack/static-eval/pull/18" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16264.json b/2017/16xxx/CVE-2017-16264.json index bae75dac92e..5a238bb40a0 100644 --- a/2017/16xxx/CVE-2017-16264.json +++ b/2017/16xxx/CVE-2017-16264.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16264", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16264", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16599.json b/2017/16xxx/CVE-2017-16599.json index df95e50f87d..28e54dc2f34 100644 --- a/2017/16xxx/CVE-2017-16599.json +++ b/2017/16xxx/CVE-2017-16599.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetGain Systems Enterprise Manager", - "version" : { - "version_data" : [ - { - "version_value" : "7.2.730 build 1034" - } - ] - } - } - ] - }, - "vendor_name" : "NetGain Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.misc.sample_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5190." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetGain Systems Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "7.2.730 build 1034" + } + ] + } + } + ] + }, + "vendor_name": "NetGain Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-964", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.misc.sample_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5190." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-964", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-964" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16678.json b/2017/16xxx/CVE-2017-16678.json index d6474ee5b96..287ca93f94d 100644 --- a/2017/16xxx/CVE-2017-16678.json +++ b/2017/16xxx/CVE-2017-16678.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-16678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP NetWeaver Knowledge Management Configuration Service", - "version" : { - "version_data" : [ - { - "version_value" : "EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server Side Request Forgery (SSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-16678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Knowledge Management Configuration Service", + "version": { + "version_data": [ + { + "version_value": "EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2457562", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2457562" - }, - { - "name" : "102149", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server Side Request Forgery (SSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2457562", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2457562" + }, + { + "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" + }, + { + "name": "102149", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102149" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16688.json b/2017/16xxx/CVE-2017-16688.json index 77784dcf432..a2ca374d703 100644 --- a/2017/16xxx/CVE-2017-16688.json +++ b/2017/16xxx/CVE-2017-16688.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16688", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16688", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4045.json b/2017/4xxx/CVE-2017-4045.json index 2f55c8cebb9..5404242c715 100644 --- a/2017/4xxx/CVE-2017-4045.json +++ b/2017/4xxx/CVE-2017-4045.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4045", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4045", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4443.json b/2017/4xxx/CVE-2017-4443.json index 873aae4b0cc..be1ea8f9b48 100644 --- a/2017/4xxx/CVE-2017-4443.json +++ b/2017/4xxx/CVE-2017-4443.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4443", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4443", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4977.json b/2017/4xxx/CVE-2017-4977.json index b8db3bb69f5..b5be45d4935 100644 --- a/2017/4xxx/CVE-2017-4977.json +++ b/2017/4xxx/CVE-2017-4977.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52", - "version" : { - "version_data" : [ - { - "version_value" : "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Sensitive Information Disclosure Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52", + "version": { + "version_data": [ + { + "version_value": "RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540339/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540339/30/0/threaded" - }, - { - "name" : "97225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97225" - }, - { - "name" : "1038162", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sensitive Information Disclosure Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97225" + }, + { + "name": "http://www.securityfocus.com/archive/1/540339/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540339/30/0/threaded" + }, + { + "name": "1038162", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038162" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4991.json b/2017/4xxx/CVE-2017-4991.json index 66f4ce2fb27..c61bdd95392 100644 --- a/2017/4xxx/CVE-2017-4991.json +++ b/2017/4xxx/CVE-2017-4991.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Foundry UAA", - "version" : { - "version_data" : [ - { - "version_value" : "Cloud Foundry UAA" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "UAA password reset vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Foundry UAA", + "version": { + "version_data": [ + { + "version_value": "Cloud Foundry UAA" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/cve-2017-4991/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/cve-2017-4991/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UAA password reset vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/cve-2017-4991/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/cve-2017-4991/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5135.json b/2018/5xxx/CVE-2018-5135.json index 8ca97e428b8..2e89ca50960 100644 --- a/2018/5xxx/CVE-2018-5135.json +++ b/2018/5xxx/CVE-2018-5135.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "59" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebExtensions can bypass normal restrictions in some circumstances and use \"browser.tabs.executeScript\" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged \"about:\" pages. This vulnerability affects Firefox < 59." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "WebExtension browserAction can inject scripts into unintended contexts" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "59" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-06/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-06/" - }, - { - "name" : "USN-3596-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3596-1/" - }, - { - "name" : "103386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103386" - }, - { - "name" : "1040514", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebExtensions can bypass normal restrictions in some circumstances and use \"browser.tabs.executeScript\" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged \"about:\" pages. This vulnerability affects Firefox < 59." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "WebExtension browserAction can inject scripts into unintended contexts" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103386" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431371" + }, + { + "name": "1040514", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040514" + }, + { + "name": "USN-3596-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3596-1/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-06/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5417.json b/2018/5xxx/CVE-2018-5417.json index 974111ccdbb..95fd4b0bebc 100644 --- a/2018/5xxx/CVE-2018-5417.json +++ b/2018/5xxx/CVE-2018-5417.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5417", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-5417", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5444.json b/2018/5xxx/CVE-2018-5444.json index d81ac730ebe..7bc60daf881 100644 --- a/2018/5xxx/CVE-2018-5444.json +++ b/2018/5xxx/CVE-2018-5444.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5444", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5444", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file