From 24b9b3564e074050730ac5f44a05a6178febae86 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:28:24 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0246.json | 120 +++++----- 2001/0xxx/CVE-2001-0333.json | 200 ++++++++--------- 2001/0xxx/CVE-2001-0345.json | 140 ++++++------ 2001/0xxx/CVE-2001-0472.json | 130 +++++------ 2001/0xxx/CVE-2001-0965.json | 150 ++++++------- 2001/1xxx/CVE-2001-1304.json | 130 +++++------ 2006/2xxx/CVE-2006-2209.json | 170 +++++++-------- 2006/2xxx/CVE-2006-2387.json | 210 +++++++++--------- 2006/2xxx/CVE-2006-2676.json | 140 ++++++------ 2006/2xxx/CVE-2006-2704.json | 190 ++++++++-------- 2006/2xxx/CVE-2006-2737.json | 190 ++++++++-------- 2006/2xxx/CVE-2006-2829.json | 180 +++++++-------- 2006/6xxx/CVE-2006-6294.json | 140 ++++++------ 2006/6xxx/CVE-2006-6348.json | 140 ++++++------ 2011/2xxx/CVE-2011-2411.json | 130 +++++------ 2011/2xxx/CVE-2011-2556.json | 34 +-- 2011/2xxx/CVE-2011-2655.json | 150 ++++++------- 2011/2xxx/CVE-2011-2838.json | 160 +++++++------- 2011/2xxx/CVE-2011-2888.json | 180 +++++++-------- 2011/2xxx/CVE-2011-2908.json | 290 ++++++++++++------------ 2011/2xxx/CVE-2011-2936.json | 34 +-- 2011/3xxx/CVE-2011-3169.json | 140 ++++++------ 2011/3xxx/CVE-2011-3319.json | 120 +++++----- 2011/3xxx/CVE-2011-3537.json | 150 ++++++------- 2011/3xxx/CVE-2011-3878.json | 150 ++++++------- 2011/4xxx/CVE-2011-4020.json | 34 +-- 2011/4xxx/CVE-2011-4079.json | 210 +++++++++--------- 2011/4xxx/CVE-2011-4312.json | 200 ++++++++--------- 2011/4xxx/CVE-2011-4500.json | 130 +++++------ 2011/4xxx/CVE-2011-4528.json | 180 +++++++-------- 2011/4xxx/CVE-2011-4964.json | 34 +-- 2011/4xxx/CVE-2011-4993.json | 34 +-- 2013/0xxx/CVE-2013-0456.json | 130 +++++------ 2013/1xxx/CVE-2013-1484.json | 230 +++++++++---------- 2013/1xxx/CVE-2013-1821.json | 340 ++++++++++++++--------------- 2013/1xxx/CVE-2013-1945.json | 34 +-- 2013/5xxx/CVE-2013-5124.json | 34 +-- 2013/5xxx/CVE-2013-5307.json | 170 +++++++-------- 2013/5xxx/CVE-2013-5711.json | 130 +++++------ 2013/5xxx/CVE-2013-5800.json | 240 ++++++++++---------- 2013/5xxx/CVE-2013-5979.json | 130 +++++------ 2014/2xxx/CVE-2014-2015.json | 190 ++++++++-------- 2014/2xxx/CVE-2014-2110.json | 34 +-- 2014/2xxx/CVE-2014-2734.json | 210 +++++++++--------- 2014/2xxx/CVE-2014-2874.json | 120 +++++----- 2014/2xxx/CVE-2014-2906.json | 34 +-- 2014/6xxx/CVE-2014-6142.json | 34 +-- 2014/6xxx/CVE-2014-6358.json | 34 +-- 2017/0xxx/CVE-2017-0177.json | 34 +-- 2017/0xxx/CVE-2017-0499.json | 164 +++++++------- 2017/0xxx/CVE-2017-0630.json | 136 ++++++------ 2017/0xxx/CVE-2017-0879.json | 140 ++++++------ 2017/1000xxx/CVE-2017-1000257.json | 194 ++++++++-------- 2017/16xxx/CVE-2017-16167.json | 132 +++++------ 2017/16xxx/CVE-2017-16360.json | 140 ++++++------ 2017/16xxx/CVE-2017-16436.json | 34 +-- 2017/16xxx/CVE-2017-16443.json | 34 +-- 2017/16xxx/CVE-2017-16631.json | 34 +-- 2017/16xxx/CVE-2017-16987.json | 34 +-- 2017/4xxx/CVE-2017-4196.json | 34 +-- 2017/4xxx/CVE-2017-4681.json | 34 +-- 2017/4xxx/CVE-2017-4873.json | 34 +-- 2017/4xxx/CVE-2017-4923.json | 140 ++++++------ 2018/5xxx/CVE-2018-5273.json | 120 +++++----- 2018/5xxx/CVE-2018-5784.json | 170 +++++++-------- 65 files changed, 4146 insertions(+), 4146 deletions(-) diff --git a/2001/0xxx/CVE-2001-0246.json b/2001/0xxx/CVE-2001-0246.json index e7baa007b87..28cb81ea807 100644 --- a/2001/0xxx/CVE-2001-0246.json +++ b/2001/0xxx/CVE-2001-0246.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the \"Frame Domain Verification\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-027", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the \"Frame Domain Verification\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-027", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0333.json b/2001/0xxx/CVE-2001-0333.json index 8e93e71a630..aca777085d5 100644 --- a/2001/0xxx/CVE-2001-0333.json +++ b/2001/0xxx/CVE-2001-0333.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and \"\\\" characters twice." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010515 NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98992056521300&w=2" - }, - { - "name" : "MS01-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026" - }, - { - "name" : "CA-2001-12", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-12.html" - }, - { - "name" : "iis-url-decoding(6534)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6534" - }, - { - "name" : "2708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2708" - }, - { - "name" : "oval:org.mitre.oval:def:1018", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1018" - }, - { - "name" : "oval:org.mitre.oval:def:1051", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1051" - }, - { - "name" : "oval:org.mitre.oval:def:37", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A37" - }, - { - "name" : "oval:org.mitre.oval:def:78", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A78" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and \"\\\" characters twice." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026" + }, + { + "name": "oval:org.mitre.oval:def:1051", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1051" + }, + { + "name": "CA-2001-12", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-12.html" + }, + { + "name": "iis-url-decoding(6534)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6534" + }, + { + "name": "oval:org.mitre.oval:def:37", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A37" + }, + { + "name": "oval:org.mitre.oval:def:78", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A78" + }, + { + "name": "2708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2708" + }, + { + "name": "20010515 NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98992056521300&w=2" + }, + { + "name": "oval:org.mitre.oval:def:1018", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1018" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0345.json b/2001/0xxx/CVE-2001-0345.json index db4fd9ec5f8..3e972e3ea35 100644 --- a/2001/0xxx/CVE-2001-0345.json +++ b/2001/0xxx/CVE-2001-0345.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-031", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031" - }, - { - "name" : "2843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2843" - }, - { - "name" : "win2k-telnet-idle-sessions-dos(6667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-031", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031" + }, + { + "name": "win2k-telnet-idle-sessions-dos(6667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6667" + }, + { + "name": "2843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2843" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0472.json b/2001/0xxx/CVE-2001-0472.json index 824a55c21af..92c9c1f9ed1 100644 --- a/2001/0xxx/CVE-2001-0472.json +++ b/2001/0xxx/CVE-2001-0472.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010320 def-2001-12: Hursley Software Laboratories Consumer Transaction Framework DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0243.html" - }, - { - "name" : "hslctf-http-dos(6250)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010320 def-2001-12: Hursley Software Laboratories Consumer Transaction Framework DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0243.html" + }, + { + "name": "hslctf-http-dos(6250)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6250" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0965.json b/2001/0xxx/CVE-2001-0965.json index 674f3903de9..db5e359bff5 100644 --- a/2001/0xxx/CVE-2001-0965.json +++ b/2001/0xxx/CVE-2001-0965.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010817 [ASGUARD-LABS] glFTPD v1.23 DOS Attack", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-08/0239.html" - }, - { - "name" : "http://www.glftpd.org/", - "refsource" : "CONFIRM", - "url" : "http://www.glftpd.org/" - }, - { - "name" : "3201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3201" - }, - { - "name" : "glftpd-list-dos(7001)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7001.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3201" + }, + { + "name": "http://www.glftpd.org/", + "refsource": "CONFIRM", + "url": "http://www.glftpd.org/" + }, + { + "name": "glftpd-list-dos(7001)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7001.php" + }, + { + "name": "20010817 [ASGUARD-LABS] glFTPD v1.23 DOS Attack", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0239.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1304.json b/2001/1xxx/CVE-2001-1304.json index 5e7ca256e56..3160281dae6 100644 --- a/2001/1xxx/CVE-2001-1304.json +++ b/2001/1xxx/CVE-2001-1304.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010803 Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/?", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-08/0048.html" - }, - { - "name" : "shoutcast-http-field-bo(6938)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6938.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "shoutcast-http-field-bo(6938)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6938.php" + }, + { + "name": "20010803 Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/?", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0048.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2209.json b/2006/2xxx/CVE-2006-2209.json index b1ae098051d..eea710b1b71 100644 --- a/2006/2xxx/CVE-2006-2209.json +++ b/2006/2xxx/CVE-2006-2209.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17821" - }, - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/pacheckbook-1.1-mutlsql.txt", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/pacheckbook-1.1-mutlsql.txt" - }, - { - "name" : "ADV-2006-1691", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1691" - }, - { - "name" : "25349", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25349" - }, - { - "name" : "20008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20008" - }, - { - "name" : "pacheckbook-index-sql-injection(26356)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25349", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25349" + }, + { + "name": "20008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20008" + }, + { + "name": "ADV-2006-1691", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1691" + }, + { + "name": "17821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17821" + }, + { + "name": "pacheckbook-index-sql-injection(26356)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26356" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/pacheckbook-1.1-mutlsql.txt", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/pacheckbook-1.1-mutlsql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2387.json b/2006/2xxx/CVE-2006-2387.json index 12de34d0039..91afc80fd2d 100644 --- a/2006/2xxx/CVE-2006-2387.json +++ b/2006/2xxx/CVE-2006-2387.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-2387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061010 ZDI-06-033: Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448147/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-033.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-033.html" - }, - { - "name" : "HPSBST02161", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "SSRT061264", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "MS06-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059" - }, - { - "name" : "VU#706668", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/706668" - }, - { - "name" : "20344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20344" - }, - { - "name" : "ADV-2006-3978", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3978" - }, - { - "name" : "oval:org.mitre.oval:def:570", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A570" - }, - { - "name" : "1017031", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-033.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-033.html" + }, + { + "name": "SSRT061264", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "MS06-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059" + }, + { + "name": "20344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20344" + }, + { + "name": "1017031", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017031" + }, + { + "name": "VU#706668", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/706668" + }, + { + "name": "HPSBST02161", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "ADV-2006-3978", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3978" + }, + { + "name": "20061010 ZDI-06-033: Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448147/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:570", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A570" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2676.json b/2006/2xxx/CVE-2006-2676.json index 99088f7d4bb..9563bdf5b74 100644 --- a/2006/2xxx/CVE-2006-2676.json +++ b/2006/2xxx/CVE-2006-2676.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en" - }, - { - "name" : "20266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20266" - }, - { - "name" : "sitescapeforum-uservcard-disclose-info(26672)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en" + }, + { + "name": "20266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20266" + }, + { + "name": "sitescapeforum-uservcard-disclose-info(26672)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26672" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2704.json b/2006/2xxx/CVE-2006-2704.json index ff5013f1700..9c24fb6fc16 100644 --- a/2006/2xxx/CVE-2006-2704.json +++ b/2006/2xxx/CVE-2006-2704.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/WDON-6Q6RCB", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/WDON-6Q6RCB" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/WDON-6Q6RJY", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/WDON-6Q6RJY" - }, - { - "name" : "VU#135529", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/135529" - }, - { - "name" : "VU#921017", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/921017" - }, - { - "name" : "ADV-2006-2069", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2069" - }, - { - "name" : "1016184", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016184" - }, - { - "name" : "20378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20378" - }, - { - "name" : "c5evm-server-plaintext-message(26751)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "c5evm-server-plaintext-message(26751)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26751" + }, + { + "name": "VU#135529", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/135529" + }, + { + "name": "20378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20378" + }, + { + "name": "http://www.kb.cert.org/vuls/id/WDON-6Q6RCB", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/WDON-6Q6RCB" + }, + { + "name": "ADV-2006-2069", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2069" + }, + { + "name": "1016184", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016184" + }, + { + "name": "http://www.kb.cert.org/vuls/id/WDON-6Q6RJY", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/WDON-6Q6RJY" + }, + { + "name": "VU#921017", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/921017" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2737.json b/2006/2xxx/CVE-2006-2737.json index e8f5ceb14c6..56c593e9b6c 100644 --- a/2006/2xxx/CVE-2006-2737.json +++ b/2006/2xxx/CVE-2006-2737.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060529 [KAPDA::#46] - Nukedit Unauthorized Admin Add", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435311/100/0/threaded" - }, - { - "name" : "http://www.kapda.ir/advisory-337.html", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/advisory-337.html" - }, - { - "name" : "http://www.kapda.ir/attach-1661-nukedit.txt", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/attach-1661-nukedit.txt" - }, - { - "name" : "18157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18157" - }, - { - "name" : "ADV-2006-2052", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2052" - }, - { - "name" : "20348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20348" - }, - { - "name" : "1013", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1013" - }, - { - "name" : "nukedit-register-security-bypass(26951)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1013" + }, + { + "name": "nukedit-register-security-bypass(26951)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26951" + }, + { + "name": "http://www.kapda.ir/advisory-337.html", + "refsource": "MISC", + "url": "http://www.kapda.ir/advisory-337.html" + }, + { + "name": "20060529 [KAPDA::#46] - Nukedit Unauthorized Admin Add", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435311/100/0/threaded" + }, + { + "name": "http://www.kapda.ir/attach-1661-nukedit.txt", + "refsource": "MISC", + "url": "http://www.kapda.ir/attach-1661-nukedit.txt" + }, + { + "name": "18157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18157" + }, + { + "name": "ADV-2006-2052", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2052" + }, + { + "name": "20348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20348" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2829.json b/2006/2xxx/CVE-2006-2829.json index f22d78ab0fd..1457b7a03b8 100644 --- a/2006/2xxx/CVE-2006-2829.json +++ b/2006/2xxx/CVE-2006-2829.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/resources/mk/hawk_security_advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/resources/mk/hawk_security_advisory.txt" - }, - { - "name" : "VU#620516", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/620516" - }, - { - "name" : "18300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18300" - }, - { - "name" : "ADV-2006-2156", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2156" - }, - { - "name" : "1016223", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016223" - }, - { - "name" : "20431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20431" - }, - { - "name" : "tibco-hawk-monagent-bo(26938)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18300" + }, + { + "name": "tibco-hawk-monagent-bo(26938)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26938" + }, + { + "name": "20431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20431" + }, + { + "name": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/resources/mk/hawk_security_advisory.txt" + }, + { + "name": "VU#620516", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/620516" + }, + { + "name": "1016223", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016223" + }, + { + "name": "ADV-2006-2156", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2156" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6294.json b/2006/6xxx/CVE-2006-6294.json index 2caaf29271c..2dc75b46983 100644 --- a/2006/6xxx/CVE-2006-6294.json +++ b/2006/6xxx/CVE-2006-6294.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in FRISK Software F-Prot Antivirus before 4.6.7 have unspecified impact and attack vectors. NOTE: this might be related to CVE-2006-6293, but it is not clear due to the vagueness of the report." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.f-prot.com/news/gen_news/061201_release_unix467.html", - "refsource" : "CONFIRM", - "url" : "http://www.f-prot.com/news/gen_news/061201_release_unix467.html" - }, - { - "name" : "GLSA-200612-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-12.xml" - }, - { - "name" : "23328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in FRISK Software F-Prot Antivirus before 4.6.7 have unspecified impact and attack vectors. NOTE: this might be related to CVE-2006-6293, but it is not clear due to the vagueness of the report." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23328" + }, + { + "name": "http://www.f-prot.com/news/gen_news/061201_release_unix467.html", + "refsource": "CONFIRM", + "url": "http://www.f-prot.com/news/gen_news/061201_release_unix467.html" + }, + { + "name": "GLSA-200612-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6348.json b/2006/6xxx/CVE-2006-6348.json index c9195b71e60..1dc12f3af68 100644 --- a/2006/6xxx/CVE-2006-6348.json +++ b/2006/6xxx/CVE-2006-6348.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061204 new xss in modbb forum", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453508/100/0/threaded" - }, - { - "name" : "1977", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1977" - }, - { - "name" : "modbb-board-xss(30710)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1977", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1977" + }, + { + "name": "modbb-board-xss(30710)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30710" + }, + { + "name": "20061204 new xss in modbb forum", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453508/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2411.json b/2011/2xxx/CVE-2011-2411.json index a30af0b904b..162444b9b57 100644 --- a/2011/2xxx/CVE-2011-2411.json +++ b/2011/2xxx/CVE-2011-2411.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-2411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBNS02701", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543" - }, - { - "name" : "SSRT100598", - "refsource" : "HP", - "url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBNS02701", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543" + }, + { + "name": "SSRT100598", + "refsource": "HP", + "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2556.json b/2011/2xxx/CVE-2011-2556.json index 8d7e27329d4..7bb0b761588 100644 --- a/2011/2xxx/CVE-2011-2556.json +++ b/2011/2xxx/CVE-2011-2556.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2556", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2556", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2655.json b/2011/2xxx/CVE-2011-2655.json index 0580ef7de0f..6b73be37247 100644 --- a/2011/2xxx/CVE-2011-2655.json +++ b/2011/2xxx/CVE-2011-2655.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2656." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download.novell.com/Download?buildid=Fz0LYfG9qCU%7E", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=Fz0LYfG9qCU%7E" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7009489", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7009489" - }, - { - "name" : "50303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50303" - }, - { - "name" : "zenworks-unspec-code-exec(70831)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2656." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zenworks-unspec-code-exec(70831)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70831" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7009489", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7009489" + }, + { + "name": "50303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50303" + }, + { + "name": "http://download.novell.com/Download?buildid=Fz0LYfG9qCU%7E", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=Fz0LYfG9qCU%7E" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2838.json b/2011/2xxx/CVE-2011-2838.json index cc430070d67..97c062db334 100644 --- a/2011/2xxx/CVE-2011-2838.json +++ b/2011/2xxx/CVE-2011-2838.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=75070", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=75070" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" - }, - { - "name" : "75539", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75539" - }, - { - "name" : "oval:org.mitre.oval:def:14261", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14261" - }, - { - "name" : "chrome-mime-type-unspecified(69865)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=75070", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=75070" + }, + { + "name": "75539", + "refsource": "OSVDB", + "url": "http://osvdb.org/75539" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" + }, + { + "name": "oval:org.mitre.oval:def:14261", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14261" + }, + { + "name": "chrome-mime-type-unspecified(69865)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69865" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2888.json b/2011/2xxx/CVE-2011-2888.json index 0b7be78d042..f7af2820b23 100644 --- a/2011/2xxx/CVE-2011-2888.json +++ b/2011/2xxx/CVE-2011-2888.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements" - }, - { - "name" : "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21505448", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21505448" - }, - { - "name" : "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm", - "refsource" : "CONFIRM", - "url" : "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm" - }, - { - "name" : "48936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48936" - }, - { - "name" : "74165", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74165" - }, - { - "name" : "lotus-symphony-graphics-dos(68888)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48936" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21505448", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21505448" + }, + { + "name": "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements" + }, + { + "name": "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm", + "refsource": "CONFIRM", + "url": "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm" + }, + { + "name": "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm" + }, + { + "name": "74165", + "refsource": "OSVDB", + "url": "http://osvdb.org/74165" + }, + { + "name": "lotus-symphony-graphics-dos(68888)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68888" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2908.json b/2011/2xxx/CVE-2011-2908.json index 23aedcaf6d9..651073588d8 100644 --- a/2011/2xxx/CVE-2011-2908.json +++ b/2011/2xxx/CVE-2011-2908.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=730176", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=730176" - }, - { - "name" : "RHSA-2012:1152", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1152.html" - }, - { - "name" : "RHSA-2012:1165", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1165.html" - }, - { - "name" : "RHSA-2012:1232", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1232.html" - }, - { - "name" : "RHSA-2013:0191", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0191.html" - }, - { - "name" : "RHSA-2013:0192", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0192.html" - }, - { - "name" : "RHSA-2013:0193", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0193.html" - }, - { - "name" : "RHSA-2013:0194", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0194.html" - }, - { - "name" : "RHSA-2013:0195", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0195.html" - }, - { - "name" : "RHSA-2013:0196", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0196.html" - }, - { - "name" : "RHSA-2013:0197", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0197.html" - }, - { - "name" : "RHSA-2013:0198", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0198.html" - }, - { - "name" : "54915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54915" - }, - { - "name" : "84530", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/84530" - }, - { - "name" : "50230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50230" - }, - { - "name" : "50549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50549" - }, - { - "name" : "51984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51984" - }, - { - "name" : "jboss-jmx-console-csrf(77549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1165", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1165.html" + }, + { + "name": "54915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54915" + }, + { + "name": "jboss-jmx-console-csrf(77549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77549" + }, + { + "name": "50230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50230" + }, + { + "name": "RHSA-2013:0192", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html" + }, + { + "name": "RHSA-2013:0198", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html" + }, + { + "name": "RHSA-2012:1152", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1152.html" + }, + { + "name": "RHSA-2013:0195", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html" + }, + { + "name": "RHSA-2013:0196", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html" + }, + { + "name": "RHSA-2013:0193", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html" + }, + { + "name": "51984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51984" + }, + { + "name": "50549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50549" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=730176", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730176" + }, + { + "name": "RHSA-2013:0191", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html" + }, + { + "name": "RHSA-2012:1232", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" + }, + { + "name": "RHSA-2013:0197", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html" + }, + { + "name": "RHSA-2013:0194", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html" + }, + { + "name": "84530", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/84530" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2936.json b/2011/2xxx/CVE-2011-2936.json index 5a25580ee3f..3993dd6c30f 100644 --- a/2011/2xxx/CVE-2011-2936.json +++ b/2011/2xxx/CVE-2011-2936.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2936", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2936", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3169.json b/2011/3xxx/CVE-2011-3169.json index 923b2569702..8b31f8fd9e1 100644 --- a/2011/3xxx/CVE-2011-3169.json +++ b/2011/3xxx/CVE-2011-3169.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-3169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBOV02470", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01915145" - }, - { - "name" : "SSRT080123", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01915145" - }, - { - "name" : "1026277", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBOV02470", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01915145" + }, + { + "name": "1026277", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026277" + }, + { + "name": "SSRT080123", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01915145" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3319.json b/2011/3xxx/CVE-2011-3319.json index 85cd5bbc548..3d6bdf3bf34 100644 --- a/2011/3xxx/CVE-2011-3319.json +++ b/2011/3xxx/CVE-2011-3319.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-3319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111026 Buffer Overflow Vulnerabilities in the Cisco WebEx Player", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111026 Buffer Overflow Vulnerabilities in the Cisco WebEx Player", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3537.json b/2011/3xxx/CVE-2011-3537.json index 3c9efc0ff4e..c8478fa3e59 100644 --- a/2011/3xxx/CVE-2011-3537.json +++ b/2011/3xxx/CVE-2011-3537.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50259" - }, - { - "name" : "76472", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76472" - }, - { - "name" : "orasun-sol-kfs-unspecified(70810)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "orasun-sol-kfs-unspecified(70810)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70810" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "50259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50259" + }, + { + "name": "76472", + "refsource": "OSVDB", + "url": "http://osvdb.org/76472" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3878.json b/2011/3xxx/CVE-2011-3878.json index 7147b09418e..7c098bc9c05 100644 --- a/2011/3xxx/CVE-2011-3878.json +++ b/2011/3xxx/CVE-2011-3878.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=94487", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=94487" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" - }, - { - "name" : "oval:org.mitre.oval:def:12811", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12811" - }, - { - "name" : "google-chrome-worker-code-exec(70956)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12811", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12811" + }, + { + "name": "google-chrome-worker-code-exec(70956)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70956" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=94487", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=94487" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4020.json b/2011/4xxx/CVE-2011-4020.json index 1472902ce91..4f62b8f783e 100644 --- a/2011/4xxx/CVE-2011-4020.json +++ b/2011/4xxx/CVE-2011-4020.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4020", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4020", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4079.json b/2011/4xxx/CVE-2011-4079.json index d3555a8c17a..140fb681e8a 100644 --- a/2011/4xxx/CVE-2011-4079.json +++ b/2011/4xxx/CVE-2011-4079.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111026 CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/10/26/5" - }, - { - "name" : "[oss-security] 20111026 Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/10/26/9" - }, - { - "name" : "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9", - "refsource" : "MISC", - "url" : "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9" - }, - { - "name" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059", - "refsource" : "MISC", - "url" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=749324", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=749324" - }, - { - "name" : "GLSA-201406-36", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-36.xml" - }, - { - "name" : "USN-1266-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1266-1" - }, - { - "name" : "50384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50384" - }, - { - "name" : "46599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46599" - }, - { - "name" : "openldap-utf8stringnormalize-dos(70991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-36", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml" + }, + { + "name": "[oss-security] 20111026 CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/10/26/5" + }, + { + "name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059", + "refsource": "MISC", + "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=749324", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=749324" + }, + { + "name": "USN-1266-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1266-1" + }, + { + "name": "46599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46599" + }, + { + "name": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9", + "refsource": "MISC", + "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9" + }, + { + "name": "50384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50384" + }, + { + "name": "openldap-utf8stringnormalize-dos(70991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70991" + }, + { + "name": "[oss-security] 20111026 Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/10/26/9" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4312.json b/2011/4xxx/CVE-2011-4312.json index 6a4cce23a7e..032883fc0f5 100644 --- a/2011/4xxx/CVE-2011-4312.json +++ b/2011/4xxx/CVE-2011-4312.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/15/8" - }, - { - "name" : "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/15/9" - }, - { - "name" : "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/", - "refsource" : "CONFIRM", - "url" : "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=754126", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=754126" - }, - { - "name" : "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d", - "refsource" : "CONFIRM", - "url" : "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d" - }, - { - "name" : "FEDORA-2011-15933", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html" - }, - { - "name" : "FEDORA-2011-15935", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html" - }, - { - "name" : "50681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50681" - }, - { - "name" : "46840", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/", + "refsource": "CONFIRM", + "url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=754126", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126" + }, + { + "name": "46840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46840" + }, + { + "name": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d", + "refsource": "CONFIRM", + "url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d" + }, + { + "name": "FEDORA-2011-15935", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html" + }, + { + "name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/15/9" + }, + { + "name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/15/8" + }, + { + "name": "50681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50681" + }, + { + "name": "FEDORA-2011-15933", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4500.json b/2011/4xxx/CVE-2011-4500.json index 10f7163682b..9ee88d4b75f 100644 --- a/2011/4xxx/CVE-2011-4500.json +++ b/2011/4xxx/CVE-2011-4500.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.upnp-hacks.org/devices.html", - "refsource" : "MISC", - "url" : "http://www.upnp-hacks.org/devices.html" - }, - { - "name" : "VU#357851", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/357851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.upnp-hacks.org/devices.html", + "refsource": "MISC", + "url": "http://www.upnp-hacks.org/devices.html" + }, + { + "name": "VU#357851", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/357851" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4528.json b/2011/4xxx/CVE-2011-4528.json index 181e0ad89a2..cda0a867a54 100644 --- a/2011/4xxx/CVE-2011-4528.json +++ b/2011/4xxx/CVE-2011-4528.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt", - "refsource" : "CONFIRM", - "url" : "http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt" - }, - { - "name" : "DSA-2370", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2370" - }, - { - "name" : "FEDORA-2011-17282", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071525.html" - }, - { - "name" : "FEDORA-2011-17337", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071535.html" - }, - { - "name" : "VU#209659", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/209659" - }, - { - "name" : "77909", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77909" - }, - { - "name" : "47326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt", + "refsource": "CONFIRM", + "url": "http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt" + }, + { + "name": "47326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47326" + }, + { + "name": "VU#209659", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/209659" + }, + { + "name": "DSA-2370", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2370" + }, + { + "name": "FEDORA-2011-17337", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071535.html" + }, + { + "name": "77909", + "refsource": "OSVDB", + "url": "http://osvdb.org/77909" + }, + { + "name": "FEDORA-2011-17282", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071525.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4964.json b/2011/4xxx/CVE-2011-4964.json index 9428dbc2ba2..04bbb01524d 100644 --- a/2011/4xxx/CVE-2011-4964.json +++ b/2011/4xxx/CVE-2011-4964.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4964", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2667. Reason: This candidate is a duplicate of CVE-2012-2667. Notes: All CVE users should reference CVE-2012-2667 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4964", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2667. Reason: This candidate is a duplicate of CVE-2012-2667. Notes: All CVE users should reference CVE-2012-2667 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4993.json b/2011/4xxx/CVE-2011-4993.json index dc620569983..041fc8557af 100644 --- a/2011/4xxx/CVE-2011-4993.json +++ b/2011/4xxx/CVE-2011-4993.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4993", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4993", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0456.json b/2013/0xxx/CVE-2013-0456.json index cfe67c8376a..6e9ed7dd5a1 100644 --- a/2013/0xxx/CVE-2013-0456.json +++ b/2013/0xxx/CVE-2013-0456.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to hijack sessions via a modified cookie path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" - }, - { - "name" : "sterling-b2b-cve20130456-hijack(80972)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to hijack sessions via a modified cookie path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sterling-b2b-cve20130456-hijack(80972)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80972" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1484.json b/2013/1xxx/CVE-2013-1484.json index 350557626f5..3149f6f9b3e 100644 --- a/2013/1xxx/CVE-2013-1484.json +++ b/2013/1xxx/CVE-2013-1484.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/", - "refsource" : "MISC", - "url" : "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "MDVSA-2013:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" - }, - { - "name" : "USN-1735-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1735-1" - }, - { - "name" : "TA13-051A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-051A.html" - }, - { - "name" : "oval:org.mitre.oval:def:19508", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "TA13-051A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html" + }, + { + "name": "MDVSA-2013:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/", + "refsource": "MISC", + "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html" + }, + { + "name": "USN-1735-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1735-1" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19508", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19508" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1821.json b/2013/1xxx/CVE-2013-1821.json index 190642f6f60..2a15a2ead45 100644 --- a/2013/1xxx/CVE-2013-1821.json +++ b/2013/1xxx/CVE-2013-1821.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130306 CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/06/5" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=914716", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=914716" - }, - { - "name" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384", - "refsource" : "CONFIRM", - "url" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384" - }, - { - "name" : "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", - "refsource" : "CONFIRM", - "url" : "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "DSA-2809", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2809" - }, - { - "name" : "DSA-2738", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2738" - }, - { - "name" : "MDVSA-2013:124", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124" - }, - { - "name" : "RHSA-2013:0611", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0611.html" - }, - { - "name" : "RHSA-2013:0612", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0612.html" - }, - { - "name" : "RHSA-2013:1028", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1028.html" - }, - { - "name" : "RHSA-2013:1147", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1147.html" - }, - { - "name" : "SSA:2013-075-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862" - }, - { - "name" : "openSUSE-SU-2013:0603", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html" - }, - { - "name" : "openSUSE-SU-2013:0614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html" - }, - { - "name" : "SUSE-SU-2013:0609", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html" - }, - { - "name" : "SUSE-SU-2013:0647", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html" - }, - { - "name" : "USN-1780-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1780-1" - }, - { - "name" : "58141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58141" - }, - { - "name" : "52783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52783" - }, - { - "name" : "52902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0612", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0612.html" + }, + { + "name": "MDVSA-2013:124", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124" + }, + { + "name": "openSUSE-SU-2013:0603", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html" + }, + { + "name": "SSA:2013-075-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862" + }, + { + "name": "52783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52783" + }, + { + "name": "DSA-2738", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2738" + }, + { + "name": "openSUSE-SU-2013:0614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html" + }, + { + "name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384", + "refsource": "CONFIRM", + "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "USN-1780-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1780-1" + }, + { + "name": "58141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58141" + }, + { + "name": "52902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52902" + }, + { + "name": "[oss-security] 20130306 CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/06/5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914716", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914716" + }, + { + "name": "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", + "refsource": "CONFIRM", + "url": "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/" + }, + { + "name": "SUSE-SU-2013:0609", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html" + }, + { + "name": "DSA-2809", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2809" + }, + { + "name": "RHSA-2013:1028", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1028.html" + }, + { + "name": "RHSA-2013:0611", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0611.html" + }, + { + "name": "RHSA-2013:1147", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html" + }, + { + "name": "SUSE-SU-2013:0647", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1945.json b/2013/1xxx/CVE-2013-1945.json index 68caa9d64b3..3bb3921384e 100644 --- a/2013/1xxx/CVE-2013-1945.json +++ b/2013/1xxx/CVE-2013-1945.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5124.json b/2013/5xxx/CVE-2013-5124.json index 39b3a4643d9..a406572977d 100644 --- a/2013/5xxx/CVE-2013-5124.json +++ b/2013/5xxx/CVE-2013-5124.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5124", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5124", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5307.json b/2013/5xxx/CVE-2013-5307.json index ba75b8aeba1..c556a8b24b7 100644 --- a/2013/5xxx/CVE-2013-5307.json +++ b/2013/5xxx/CVE-2013-5307.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013" - }, - { - "name" : "http://typo3.org/extensions/repository/view/ke_search", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/ke_search" - }, - { - "name" : "61609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61609" - }, - { - "name" : "95960", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95960" - }, - { - "name" : "54306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54306" - }, - { - "name" : "typo3-facetedsearch-unspecified-xss(86236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95960", + "refsource": "OSVDB", + "url": "http://osvdb.org/95960" + }, + { + "name": "typo3-facetedsearch-unspecified-xss(86236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86236" + }, + { + "name": "54306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54306" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013" + }, + { + "name": "61609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61609" + }, + { + "name": "http://typo3.org/extensions/repository/view/ke_search", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/ke_search" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5711.json b/2013/5xxx/CVE-2013-5711.json index 2beea74ccd6..b1801bde56a 100644 --- a/2013/5xxx/CVE-2013-5711.json +++ b/2013/5xxx/CVE-2013-5711.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin before 3.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130912 [iBliss Security Advisory] Cross-Site Scripting (XSS) vulnerability in Design-approval-system wordpress plugin", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0055.html" - }, - { - "name" : "http://wordpress.org/plugins/design-approval-system/other_notes/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/design-approval-system/other_notes/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin before 3.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130912 [iBliss Security Advisory] Cross-Site Scripting (XSS) vulnerability in Design-approval-system wordpress plugin", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0055.html" + }, + { + "name": "http://wordpress.org/plugins/design-approval-system/other_notes/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/design-approval-system/other_notes/" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5800.json b/2013/5xxx/CVE-2013-5800.json index 2cbf40699c0..da71089a56e 100644 --- a/2013/5xxx/CVE-2013-5800.json +++ b/2013/5xxx/CVE-2013-5800.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "RHSA-2013:1440", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" - }, - { - "name" : "RHSA-2013:1447", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1447.html" - }, - { - "name" : "RHSA-2013:1451", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1451.html" - }, - { - "name" : "RHSA-2013:1507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html" - }, - { - "name" : "SUSE-SU-2013:1666", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" - }, - { - "name" : "SUSE-SU-2013:1677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2013:1663", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" - }, - { - "name" : "USN-2089-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2089-1" - }, - { - "name" : "oval:org.mitre.oval:def:19093", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19093" - }, - { - "name" : "56338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:19093", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19093" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "RHSA-2013:1447", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html" + }, + { + "name": "RHSA-2013:1440", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" + }, + { + "name": "USN-2089-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2089-1" + }, + { + "name": "SUSE-SU-2013:1677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" + }, + { + "name": "openSUSE-SU-2013:1663", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" + }, + { + "name": "SUSE-SU-2013:1666", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "RHSA-2013:1507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html" + }, + { + "name": "56338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56338" + }, + { + "name": "RHSA-2013:1451", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5979.json b/2013/5xxx/CVE-2013-5979.json index 1c7afafa7db..e89f33bc419 100644 --- a/2013/5xxx/CVE-2013-5979.json +++ b/2013/5xxx/CVE-2013-5979.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-(DS-2013-00", - "refsource" : "MISC", - "url" : "http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-(DS-2013-00" - }, - { - "name" : "https://bugs.launchpad.net/xibo/+bug/1093967", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/xibo/+bug/1093967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-(DS-2013-00", + "refsource": "MISC", + "url": "http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-(DS-2013-00" + }, + { + "name": "https://bugs.launchpad.net/xibo/+bug/1093967", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/xibo/+bug/1093967" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2015.json b/2014/2xxx/CVE-2014-2015.json index a0114856e68..8a0e55c014e 100644 --- a/2014/2xxx/CVE-2014-2015.json +++ b/2014/2xxx/CVE-2014-2015.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow", - "refsource" : "MLIST", - "url" : "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html" - }, - { - "name" : "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow", - "refsource" : "MLIST", - "url" : "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html" - }, - { - "name" : "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow", - "refsource" : "MLIST", - "url" : "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html" - }, - { - "name" : "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/18/3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066761", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066761" - }, - { - "name" : "RHSA-2015:1287", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1287.html" - }, - { - "name" : "USN-2122-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2122-1" - }, - { - "name" : "65581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow", + "refsource": "MLIST", + "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html" + }, + { + "name": "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/18/3" + }, + { + "name": "RHSA-2015:1287", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html" + }, + { + "name": "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow", + "refsource": "MLIST", + "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html" + }, + { + "name": "USN-2122-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2122-1" + }, + { + "name": "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow", + "refsource": "MLIST", + "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html" + }, + { + "name": "65581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65581" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2110.json b/2014/2xxx/CVE-2014-2110.json index af591d6a722..00dae61fb9f 100644 --- a/2014/2xxx/CVE-2014-2110.json +++ b/2014/2xxx/CVE-2014-2110.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2110", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2110", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2734.json b/2014/2xxx/CVE-2014-2734.json index ae477f6a5c1..4bda771b859 100644 --- a/2014/2xxx/CVE-2014-2734.json +++ b/2014/2xxx/CVE-2014-2734.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/231" - }, - { - "name" : "20140502 Re: Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/May/13" - }, - { - "name" : "http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html" - }, - { - "name" : "https://gist.github.com/10446549", - "refsource" : "MISC", - "url" : "https://gist.github.com/10446549" - }, - { - "name" : "https://gist.github.com/emboss/91696b56cd227c8a0c13", - "refsource" : "MISC", - "url" : "https://gist.github.com/emboss/91696b56cd227c8a0c13" - }, - { - "name" : "https://github.com/adrienthebo/cve-2014-2734/", - "refsource" : "MISC", - "url" : "https://github.com/adrienthebo/cve-2014-2734/" - }, - { - "name" : "https://news.ycombinator.com/item?id=7601973", - "refsource" : "MISC", - "url" : "https://news.ycombinator.com/item?id=7601973" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/", - "refsource" : "MISC", - "url" : "https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/" - }, - { - "name" : "66956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66956" - }, - { - "name" : "106006", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/106006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html" + }, + { + "name": "106006", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/106006" + }, + { + "name": "https://news.ycombinator.com/item?id=7601973", + "refsource": "MISC", + "url": "https://news.ycombinator.com/item?id=7601973" + }, + { + "name": "66956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66956" + }, + { + "name": "20140502 Re: Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/13" + }, + { + "name": "https://gist.github.com/10446549", + "refsource": "MISC", + "url": "https://gist.github.com/10446549" + }, + { + "name": "https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/", + "refsource": "MISC", + "url": "https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/" + }, + { + "name": "https://gist.github.com/emboss/91696b56cd227c8a0c13", + "refsource": "MISC", + "url": "https://gist.github.com/emboss/91696b56cd227c8a0c13" + }, + { + "name": "https://github.com/adrienthebo/cve-2014-2734/", + "refsource": "MISC", + "url": "https://github.com/adrienthebo/cve-2014-2734/" + }, + { + "name": "20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/231" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2874.json b/2014/2xxx/CVE-2014-2874.json index c8b4854b9b2..feb6888f450 100644 --- a/2014/2xxx/CVE-2014-2874.json +++ b/2014/2xxx/CVE-2014-2874.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#437385", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/437385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#437385", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/437385" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2906.json b/2014/2xxx/CVE-2014-2906.json index e05781d4967..24a53f23883 100644 --- a/2014/2xxx/CVE-2014-2906.json +++ b/2014/2xxx/CVE-2014-2906.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2906", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2906", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6142.json b/2014/6xxx/CVE-2014-6142.json index c30e0933c21..3f4c01f52d3 100644 --- a/2014/6xxx/CVE-2014-6142.json +++ b/2014/6xxx/CVE-2014-6142.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6142", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6142", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6358.json b/2014/6xxx/CVE-2014-6358.json index 8a26932d08a..2546e2f00df 100644 --- a/2014/6xxx/CVE-2014-6358.json +++ b/2014/6xxx/CVE-2014-6358.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6358", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-6358", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0177.json b/2017/0xxx/CVE-2017-0177.json index eebc142199c..a2549b09531 100644 --- a/2017/0xxx/CVE-2017-0177.json +++ b/2017/0xxx/CVE-2017-0177.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0177", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0177", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0499.json b/2017/0xxx/CVE-2017-0499.json index 18b5d685461..afb5020b64d 100644 --- a/2017/0xxx/CVE-2017-0499.json +++ b/2017/0xxx/CVE-2017-0499.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96806" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96806" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0630.json b/2017/0xxx/CVE-2017-0630.json index afc42a15547..f2df12d0507 100644 --- a/2017/0xxx/CVE-2017-0630.json +++ b/2017/0xxx/CVE-2017-0630.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98213" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0879.json b/2017/0xxx/CVE-2017-0879.json index 0cecf9802bb..314dafb776b 100644 --- a/2017/0xxx/CVE-2017-0879.json +++ b/2017/0xxx/CVE-2017-0879.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-0879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-0879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000257.json b/2017/1000xxx/CVE-2017-1000257.json index 0f37285bccb..2721824e220 100644 --- a/2017/1000xxx/CVE-2017-1000257.json +++ b/2017/1000xxx/CVE-2017-1000257.json @@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-10-17", - "ID" : "CVE-2017-1000257", - "REQUESTER" : "daniel@haxx.se", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libcurl", - "version" : { - "version_data" : [ - { - "version_value" : "7.20.0 to and including 7.56.0" - } - ] - } - } - ] - }, - "vendor_name" : "libcurl" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-10-17", + "ID": "CVE-2017-1000257", + "REQUESTER": "daniel@haxx.se", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://curl.haxx.se/docs/adv_20171023.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_20171023.html" - }, - { - "name" : "DSA-4007", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-4007" - }, - { - "name" : "GLSA-201712-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201712-04" - }, - { - "name" : "RHSA-2017:3263", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3263" - }, - { - "name" : "RHSA-2018:2486", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2486" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3558" - }, - { - "name" : "101519", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101519" - }, - { - "name" : "1039644", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://curl.haxx.se/docs/adv_20171023.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_20171023.html" + }, + { + "name": "RHSA-2017:3263", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3263" + }, + { + "name": "GLSA-201712-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-04" + }, + { + "name": "1039644", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039644" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "101519", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101519" + }, + { + "name": "DSA-4007", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-4007" + }, + { + "name": "RHSA-2018:2486", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2486" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16167.json b/2017/16xxx/CVE-2017-16167.json index 679362907a5..570172a1eed 100644 --- a/2017/16xxx/CVE-2017-16167.json +++ b/2017/16xxx/CVE-2017-16167.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "yyooopack node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "yyooopack is a simple file server. yyooopack is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "yyooopack node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/yyooopack", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/yyooopack" - }, - { - "name" : "https://nodesecurity.io/advisories/400", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "yyooopack is a simple file server. yyooopack is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/400", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/400" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/yyooopack", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/yyooopack" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16360.json b/2017/16xxx/CVE-2017-16360.json index 8ed4fb3c907..e7e9e0ee6d4 100644 --- a/2017/16xxx/CVE-2017-16360.json +++ b/2017/16xxx/CVE-2017-16360.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "101818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101818" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101818" + }, + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16436.json b/2017/16xxx/CVE-2017-16436.json index 1f786ba6339..21a826aa8f3 100644 --- a/2017/16xxx/CVE-2017-16436.json +++ b/2017/16xxx/CVE-2017-16436.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16436", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16436", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16443.json b/2017/16xxx/CVE-2017-16443.json index 7b905b3a4d8..15c2f412d52 100644 --- a/2017/16xxx/CVE-2017-16443.json +++ b/2017/16xxx/CVE-2017-16443.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16443", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16443", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16631.json b/2017/16xxx/CVE-2017-16631.json index 0f5c470c2fe..3a460b7c9c4 100644 --- a/2017/16xxx/CVE-2017-16631.json +++ b/2017/16xxx/CVE-2017-16631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16987.json b/2017/16xxx/CVE-2017-16987.json index d29566be4c1..7c0bb84c4f3 100644 --- a/2017/16xxx/CVE-2017-16987.json +++ b/2017/16xxx/CVE-2017-16987.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16987", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16987", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4196.json b/2017/4xxx/CVE-2017-4196.json index 30ec197db09..030510a42f5 100644 --- a/2017/4xxx/CVE-2017-4196.json +++ b/2017/4xxx/CVE-2017-4196.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4196", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4196", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4681.json b/2017/4xxx/CVE-2017-4681.json index 82e5bb54d44..6942adcffcb 100644 --- a/2017/4xxx/CVE-2017-4681.json +++ b/2017/4xxx/CVE-2017-4681.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4681", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4681", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4873.json b/2017/4xxx/CVE-2017-4873.json index efe4b62f7f4..6d58a8ba471 100644 --- a/2017/4xxx/CVE-2017-4873.json +++ b/2017/4xxx/CVE-2017-4873.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4873", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4873", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4923.json b/2017/4xxx/CVE-2017-4923.json index 0987413e1c3..5157b910a63 100644 --- a/2017/4xxx/CVE-2017-4923.json +++ b/2017/4xxx/CVE-2017-4923.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "ID" : "CVE-2017-4923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "ID": "CVE-2017-4923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2017-0013.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2017-0013.html" - }, - { - "name" : "99997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99997" - }, - { - "name" : "1039013", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html" + }, + { + "name": "99997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99997" + }, + { + "name": "1039013", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039013" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5273.json b/2018/5xxx/CVE-2018-5273.json index 9b0f2f24b81..5adf4294837 100644 --- a/2018/5xxx/CVE-2018-5273.json +++ b/2018/5xxx/CVE-2018-5273.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e014", - "refsource" : "MISC", - "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e014", + "refsource": "MISC", + "url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e014" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5784.json b/2018/5xxx/CVE-2018-5784.json index c610f5f2cf4..73f7b246c16 100644 --- a/2018/5xxx/CVE-2018-5784.json +++ b/2018/5xxx/CVE-2018-5784.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180531 [SECURITY] [DLA 1391-1] tiff security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html" - }, - { - "name" : "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2772", - "refsource" : "MISC", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2772" - }, - { - "name" : "DSA-4349", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4349" - }, - { - "name" : "USN-3602-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3602-1/" - }, - { - "name" : "USN-3606-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3606-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3606-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3606-1/" + }, + { + "name": "USN-3602-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3602-1/" + }, + { + "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1391-1] tiff security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html" + }, + { + "name": "DSA-4349", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4349" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2772", + "refsource": "MISC", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2772" + }, + { + "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html" + } + ] + } +} \ No newline at end of file