From 39c2e0eb0e10ea3ca402965f38ba16fd46712cd7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:07:08 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0009.json | 160 +++++----- 2001/0xxx/CVE-2001-0211.json | 130 ++++---- 2001/0xxx/CVE-2001-0500.json | 180 +++++------ 2001/0xxx/CVE-2001-0699.json | 140 ++++----- 2001/1xxx/CVE-2001-1228.json | 150 ++++----- 2001/1xxx/CVE-2001-1476.json | 130 ++++---- 2001/1xxx/CVE-2001-1594.json | 150 ++++----- 2006/2xxx/CVE-2006-2447.json | 300 +++++++++--------- 2006/2xxx/CVE-2006-2772.json | 150 ++++----- 2006/6xxx/CVE-2006-6490.json | 280 ++++++++--------- 2006/6xxx/CVE-2006-6745.json | 470 ++++++++++++++--------------- 2006/6xxx/CVE-2006-6932.json | 140 ++++----- 2011/2xxx/CVE-2011-2016.json | 130 ++++---- 2011/2xxx/CVE-2011-2037.json | 34 +-- 2011/2xxx/CVE-2011-2320.json | 140 ++++----- 2011/2xxx/CVE-2011-2540.json | 34 +-- 2011/2xxx/CVE-2011-2648.json | 160 +++++----- 2011/3xxx/CVE-2011-3045.json | 360 +++++++++++----------- 2011/3xxx/CVE-2011-3088.json | 190 ++++++------ 2011/3xxx/CVE-2011-3219.json | 180 +++++------ 2011/3xxx/CVE-2011-3557.json | 410 ++++++++++++------------- 2011/4xxx/CVE-2011-4159.json | 140 ++++----- 2011/4xxx/CVE-2011-4212.json | 140 ++++----- 2011/4xxx/CVE-2011-4235.json | 34 +-- 2011/4xxx/CVE-2011-4538.json | 34 +-- 2011/4xxx/CVE-2011-4557.json | 34 +-- 2011/4xxx/CVE-2011-4640.json | 120 ++++---- 2013/0xxx/CVE-2013-0173.json | 130 ++++---- 2013/0xxx/CVE-2013-0817.json | 34 +-- 2013/0xxx/CVE-2013-0980.json | 130 ++++---- 2013/1xxx/CVE-2013-1011.json | 160 +++++----- 2013/1xxx/CVE-2013-1538.json | 150 ++++----- 2013/1xxx/CVE-2013-1619.json | 250 +++++++-------- 2013/1xxx/CVE-2013-1833.json | 160 +++++----- 2013/5xxx/CVE-2013-5019.json | 180 +++++------ 2013/5xxx/CVE-2013-5944.json | 120 ++++---- 2014/2xxx/CVE-2014-2685.json | 170 +++++------ 2014/2xxx/CVE-2014-2804.json | 150 ++++----- 2014/2xxx/CVE-2014-2805.json | 34 +-- 2014/6xxx/CVE-2014-6122.json | 140 ++++----- 2017/0xxx/CVE-2017-0984.json | 34 +-- 2017/1000xxx/CVE-2017-1000187.json | 124 ++++---- 2017/1000xxx/CVE-2017-1000419.json | 134 ++++---- 2017/16xxx/CVE-2017-16179.json | 132 ++++---- 2017/16xxx/CVE-2017-16209.json | 132 ++++---- 2017/16xxx/CVE-2017-16420.json | 140 ++++----- 2017/16xxx/CVE-2017-16920.json | 130 ++++---- 2017/1xxx/CVE-2017-1991.json | 34 +-- 2017/4xxx/CVE-2017-4060.json | 34 +-- 2017/4xxx/CVE-2017-4445.json | 34 +-- 2017/4xxx/CVE-2017-4642.json | 34 +-- 2017/4xxx/CVE-2017-4928.json | 148 ++++----- 2017/4xxx/CVE-2017-4962.json | 34 +-- 2018/5xxx/CVE-2018-5307.json | 140 ++++----- 2018/5xxx/CVE-2018-5340.json | 130 ++++---- 2018/5xxx/CVE-2018-5486.json | 122 ++++---- 2018/5xxx/CVE-2018-5727.json | 120 ++++---- 57 files changed, 3992 insertions(+), 3992 deletions(-) diff --git a/2001/0xxx/CVE-2001-0009.json b/2001/0xxx/CVE-2001-0009.json index 21399f2fc4f..55a6d187783 100644 --- a/2001/0xxx/CVE-2001-0009.json +++ b/2001/0xxx/CVE-2001-0009.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010105 Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/154537" - }, - { - "name" : "20010109 bugtraq id 2173 Lotus Domino Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/155124" - }, - { - "name" : "2173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2173" - }, - { - "name" : "lotus-domino-directory-traversal(5899)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5899" - }, - { - "name" : "1703", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1703", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1703" + }, + { + "name": "lotus-domino-directory-traversal(5899)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5899" + }, + { + "name": "20010109 bugtraq id 2173 Lotus Domino Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/155124" + }, + { + "name": "20010105 Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/154537" + }, + { + "name": "2173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2173" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0211.json b/2001/0xxx/CVE-2001-0211.json index 2a348415132..2d3733c8a9e 100644 --- a/2001/0xxx/CVE-2001-0211.json +++ b/2001/0xxx/CVE-2001-0211.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010212 WebSPIRS CGI script \"show files\" Vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0217.html" - }, - { - "name" : "2362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010212 WebSPIRS CGI script \"show files\" Vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0217.html" + }, + { + "name": "2362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2362" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0500.json b/2001/0xxx/CVE-2001-0500.json index e8b31388b1a..88262862286 100644 --- a/2001/0xxx/CVE-2001-0500.json +++ b/2001/0xxx/CVE-2001-0500.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/191873" - }, - { - "name" : "MS01-033", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033" - }, - { - "name" : "CA-2001-13", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-13.html" - }, - { - "name" : "2880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2880" - }, - { - "name" : "iis-isapi-idq-bo(6705)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6705.php" - }, - { - "name" : "L-098", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-098.shtml" - }, - { - "name" : "oval:org.mitre.oval:def:197", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-033", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033" + }, + { + "name": "20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/191873" + }, + { + "name": "2880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2880" + }, + { + "name": "L-098", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-098.shtml" + }, + { + "name": "iis-isapi-idq-bo(6705)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6705.php" + }, + { + "name": "oval:org.mitre.oval:def:197", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197" + }, + { + "name": "CA-2001-13", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-13.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0699.json b/2001/0xxx/CVE-2001-0699.json index f1bdbfda615..96b6fcf31ab 100644 --- a/2001/0xxx/CVE-2001-0699.json +++ b/2001/0xxx/CVE-2001-0699.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010620 Solaris /opt/SUNWssp/bin/cb_reset Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/192299" - }, - { - "name" : "2893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2893" - }, - { - "name" : "sun-cbreset-bo(6726)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2893" + }, + { + "name": "20010620 Solaris /opt/SUNWssp/bin/cb_reset Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/192299" + }, + { + "name": "sun-cbreset-bo(6726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6726" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1228.json b/2001/1xxx/CVE-2001-1228.json index 81ad0be0a98..9847324dd07 100644 --- a/2001/1xxx/CVE-2001-1228.json +++ b/2001/1xxx/CVE-2001-1228.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011230 gzip bug w/ patch..", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/247717" - }, - { - "name" : "NetBSD-SA2002-002", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-002.txt.asc" - }, - { - "name" : "3712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3712" - }, - { - "name" : "gzip-long-filename-bo(7882)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7882.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011230 gzip bug w/ patch..", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/247717" + }, + { + "name": "NetBSD-SA2002-002", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-002.txt.asc" + }, + { + "name": "gzip-long-filename-bo(7882)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7882.php" + }, + { + "name": "3712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3712" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1476.json b/2001/1xxx/CVE-2001-1476.json index 1cf575f5782..e36bfa9f56e 100644 --- a/2001/1xxx/CVE-2001-1476.json +++ b/2001/1xxx/CVE-2001-1476.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SSH before 2.0, with RC4 encryption and the \"disallow NULL passwords\" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#565052", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/565052" - }, - { - "name" : "ssh-rc4-replay-conversation(6490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SSH before 2.0, with RC4 encryption and the \"disallow NULL passwords\" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ssh-rc4-replay-conversation(6490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6490" + }, + { + "name": "VU#565052", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/565052" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1594.json b/2001/1xxx/CVE-2001-1594.json index a61b2cc174c..5d75cd11d82 100644 --- a/2001/1xxx/CVE-2001-1594.json +++ b/2001/1xxx/CVE-2001-1594.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", - "refsource" : "MISC", - "url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" - }, - { - "name" : "https://twitter.com/digitalbond/status/619250429751222277", - "refsource" : "MISC", - "url" : "https://twitter.com/digitalbond/status/619250429751222277" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" - }, - { - "name" : "http://apps.gehealthcare.com/servlet/ClientServlet/2263784.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=2263784-100&FILENAME=2263784.pdf&FILEREV=5&DOCREV_ORG=5&SUBMIT=+ACCEPT+", - "refsource" : "CONFIRM", - "url" : "http://apps.gehealthcare.com/servlet/ClientServlet/2263784.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=2263784-100&FILENAME=2263784.pdf&FILEREV=5&DOCREV_ORG=5&SUBMIT=+ACCEPT+" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://apps.gehealthcare.com/servlet/ClientServlet/2263784.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=2263784-100&FILENAME=2263784.pdf&FILEREV=5&DOCREV_ORG=5&SUBMIT=+ACCEPT+", + "refsource": "CONFIRM", + "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2263784.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=2263784-100&FILENAME=2263784.pdf&FILEREV=5&DOCREV_ORG=5&SUBMIT=+ACCEPT+" + }, + { + "name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", + "refsource": "MISC", + "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" + }, + { + "name": "https://twitter.com/digitalbond/status/619250429751222277", + "refsource": "MISC", + "url": "https://twitter.com/digitalbond/status/619250429751222277" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2447.json b/2006/2xxx/CVE-2006-2447.json index 9f7d80081be..390be35a526 100644 --- a/2006/2xxx/CVE-2006-2447.json +++ b/2006/2xxx/CVE-2006-2447.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060607 rPSA-2006-0096-1 spamassassin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436288/100/0/threaded" - }, - { - "name" : "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html", - "refsource" : "CONFIRM", - "url" : "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html" - }, - { - "name" : "DSA-1090", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1090" - }, - { - "name" : "GLSA-200606-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml" - }, - { - "name" : "MDKSA-2006:103", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103" - }, - { - "name" : "RHSA-2006:0543", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0543.html" - }, - { - "name" : "2006-0034", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0034/" - }, - { - "name" : "18290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18290" - }, - { - "name" : "oval:org.mitre.oval:def:9184", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184" - }, - { - "name" : "ADV-2006-2148", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2148" - }, - { - "name" : "1016230", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016230" - }, - { - "name" : "1016235", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016235" - }, - { - "name" : "20443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20443" - }, - { - "name" : "20430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20430" - }, - { - "name" : "20482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20482" - }, - { - "name" : "20531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20531" - }, - { - "name" : "20566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20566" - }, - { - "name" : "20692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20692" - }, - { - "name" : "spamassassin-spamd-command-execution(27008)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20482" + }, + { + "name": "20060607 rPSA-2006-0096-1 spamassassin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:9184", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184" + }, + { + "name": "2006-0034", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0034/" + }, + { + "name": "GLSA-200606-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml" + }, + { + "name": "20692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20692" + }, + { + "name": "20566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20566" + }, + { + "name": "18290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18290" + }, + { + "name": "20430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20430" + }, + { + "name": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html", + "refsource": "CONFIRM", + "url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html" + }, + { + "name": "RHSA-2006:0543", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html" + }, + { + "name": "ADV-2006-2148", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2148" + }, + { + "name": "20531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20531" + }, + { + "name": "1016230", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016230" + }, + { + "name": "DSA-1090", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1090" + }, + { + "name": "spamassassin-spamd-command-execution(27008)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008" + }, + { + "name": "20443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20443" + }, + { + "name": "1016235", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016235" + }, + { + "name": "MDKSA-2006:103", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2772.json b/2006/2xxx/CVE-2006-2772.json index 31451add80c..1678559d503 100644 --- a/2006/2xxx/CVE-2006-2772.json +++ b/2006/2xxx/CVE-2006-2772.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18203" - }, - { - "name" : "ADV-2006-2082", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2082" - }, - { - "name" : "20402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20402" - }, - { - "name" : "hogstorp-guestbook-add-xss(26980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2082", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2082" + }, + { + "name": "18203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18203" + }, + { + "name": "hogstorp-guestbook-add-xss(26980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26980" + }, + { + "name": "20402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20402" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6490.json b/2006/6xxx/CVE-2006-6490.json index 96506c916e0..68ba617acf9 100644 --- a/2006/6xxx/CVE-2006-6490.json +++ b/2006/6xxx/CVE-2006-6490.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2006-6490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478" - }, - { - "name" : "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461147/100/0/threaded" - }, - { - "name" : "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2007.02.22.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2007.02.22.html" - }, - { - "name" : "VU#441785", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/441785" - }, - { - "name" : "22564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22564" - }, - { - "name" : "ADV-2007-0703", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0703" - }, - { - "name" : "ADV-2007-0704", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0704" - }, - { - "name" : "33481", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33481" - }, - { - "name" : "33482", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33482" - }, - { - "name" : "1017688", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017688" - }, - { - "name" : "1017689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017689" - }, - { - "name" : "1017690", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017690" - }, - { - "name" : "1017691", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017691" - }, - { - "name" : "24246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24246" - }, - { - "name" : "24251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24251" - }, - { - "name" : "supportsoft-activex-multiple-bo(32636)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html" + }, + { + "name": "VU#441785", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/441785" + }, + { + "name": "ADV-2007-0704", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0704" + }, + { + "name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded" + }, + { + "name": "1017688", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017688" + }, + { + "name": "ADV-2007-0703", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0703" + }, + { + "name": "1017691", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017691" + }, + { + "name": "33482", + "refsource": "OSVDB", + "url": "http://osvdb.org/33482" + }, + { + "name": "24251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24251" + }, + { + "name": "22564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22564" + }, + { + "name": "1017689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017689" + }, + { + "name": "1017690", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017690" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html" + }, + { + "name": "supportsoft-activex-multiple-bo(32636)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636" + }, + { + "name": "33481", + "refsource": "OSVDB", + "url": "http://osvdb.org/33481" + }, + { + "name": "24246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24246" + }, + { + "name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6745.json b/2006/6xxx/CVE-2006-6745.json index 91abb75fd29..7c024c5ac2b 100644 --- a/2006/6xxx/CVE-2006-6745.json +++ b/2006/6xxx/CVE-2006-6745.json @@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307177", - "refsource" : "MISC", - "url" : "http://docs.info.apple.com/article.html?artnum=307177" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" - }, - { - "name" : "APPLE-SA-2007-12-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" - }, - { - "name" : "BEA07-171.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/240" - }, - { - "name" : "GLSA-200701-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-15.xml" - }, - { - "name" : "GLSA-200702-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200702-08.xml" - }, - { - "name" : "GLSA-200705-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml" - }, - { - "name" : "HPSBUX02196", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579" - }, - { - "name" : "SSRT071318", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579" - }, - { - "name" : "RHSA-2007:0062", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0062.html" - }, - { - "name" : "RHSA-2007:0073", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0073.html" - }, - { - "name" : "102731", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1" - }, - { - "name" : "SUSE-SA:2007:003", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html" - }, - { - "name" : "SUSE-SA:2007:010", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" - }, - { - "name" : "SUSE-SA:2007:045", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_45_java.html" - }, - { - "name" : "TA07-022A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-022A.html" - }, - { - "name" : "VU#102289", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/102289" - }, - { - "name" : "21673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21673" - }, - { - "name" : "oval:org.mitre.oval:def:9621", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9621" - }, - { - "name" : "ADV-2006-5074", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5074" - }, - { - "name" : "ADV-2007-0936", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0936" - }, - { - "name" : "ADV-2007-1814", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1814" - }, - { - "name" : "ADV-2007-4224", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4224" - }, - { - "name" : "1017426", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017426" - }, - { - "name" : "23650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23650" - }, - { - "name" : "23445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23445" - }, - { - "name" : "23835", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23835" - }, - { - "name" : "24099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24099" - }, - { - "name" : "24189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24189" - }, - { - "name" : "24468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24468" - }, - { - "name" : "25283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25283" - }, - { - "name" : "25404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25404" - }, - { - "name" : "26049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26049" - }, - { - "name" : "26119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26119" - }, - { - "name" : "28115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21673" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307177", + "refsource": "MISC", + "url": "http://docs.info.apple.com/article.html?artnum=307177" + }, + { + "name": "24468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24468" + }, + { + "name": "HPSBUX02196", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579" + }, + { + "name": "26049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26049" + }, + { + "name": "RHSA-2007:0062", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0062.html" + }, + { + "name": "ADV-2007-1814", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1814" + }, + { + "name": "25283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25283" + }, + { + "name": "oval:org.mitre.oval:def:9621", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9621" + }, + { + "name": "24099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24099" + }, + { + "name": "25404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25404" + }, + { + "name": "24189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24189" + }, + { + "name": "SSRT071318", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579" + }, + { + "name": "SUSE-SA:2007:045", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html" + }, + { + "name": "APPLE-SA-2007-12-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" + }, + { + "name": "SUSE-SA:2007:003", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html" + }, + { + "name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" + }, + { + "name": "SUSE-SA:2007:010", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" + }, + { + "name": "26119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26119" + }, + { + "name": "23445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23445" + }, + { + "name": "ADV-2007-4224", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4224" + }, + { + "name": "23650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23650" + }, + { + "name": "23835", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23835" + }, + { + "name": "1017426", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017426" + }, + { + "name": "RHSA-2007:0073", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0073.html" + }, + { + "name": "VU#102289", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/102289" + }, + { + "name": "GLSA-200705-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml" + }, + { + "name": "28115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28115" + }, + { + "name": "102731", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1" + }, + { + "name": "BEA07-171.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/240" + }, + { + "name": "ADV-2006-5074", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5074" + }, + { + "name": "ADV-2007-0936", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0936" + }, + { + "name": "GLSA-200702-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200702-08.xml" + }, + { + "name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" + }, + { + "name": "TA07-022A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-022A.html" + }, + { + "name": "GLSA-200701-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-15.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6932.json b/2006/6xxx/CVE-2006-6932.json index 2f3ca22ce61..c24359793c9 100644 --- a/2006/6xxx/CVE-2006-6932.json +++ b/2006/6xxx/CVE-2006-6932.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061116 Image gallery with Access Database SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451875/100/0/threaded" - }, - { - "name" : "21131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21131" - }, - { - "name" : "2147", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2147", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2147" + }, + { + "name": "21131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21131" + }, + { + "name": "20061116 Image gallery with Access Database SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451875/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2016.json b/2011/2xxx/CVE-2011-2016.json index 918cf41607b..b309c959f17 100644 --- a/2011/2xxx/CVE-2011-2016.json +++ b/2011/2xxx/CVE-2011-2016.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka \"Windows Mail Insecure Library Loading Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-2016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-085", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-085" - }, - { - "name" : "oval:org.mitre.oval:def:14028", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka \"Windows Mail Insecure Library Loading Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-085", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-085" + }, + { + "name": "oval:org.mitre.oval:def:14028", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14028" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2037.json b/2011/2xxx/CVE-2011-2037.json index 76f8e8d6b0f..a398fad252d 100644 --- a/2011/2xxx/CVE-2011-2037.json +++ b/2011/2xxx/CVE-2011-2037.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2037", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2037", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2320.json b/2011/2xxx/CVE-2011-2320.json index 0012a8f4228..088a9725458 100644 --- a/2011/2xxx/CVE-2011-2320.json +++ b/2011/2xxx/CVE-2011-2320.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality via unknown vectors related to Web Services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50198" - }, - { - "name" : "76492", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality via unknown vectors related to Web Services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76492", + "refsource": "OSVDB", + "url": "http://osvdb.org/76492" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "50198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50198" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2540.json b/2011/2xxx/CVE-2011-2540.json index 63c5f012c1e..0a7b7be1c5d 100644 --- a/2011/2xxx/CVE-2011-2540.json +++ b/2011/2xxx/CVE-2011-2540.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2540", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2540", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2648.json b/2011/2xxx/CVE-2011-2648.json index e36469107c3..0fa03f50854 100644 --- a/2011/2xxx/CVE-2011-2648.json +++ b/2011/2xxx/CVE-2011-2648.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a filter in a modified file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/security/cve/CVE-2011-2648.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2011-2648.html" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=701814", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=701814" - }, - { - "name" : "SUSE-SU-2011:0917", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html" - }, - { - "name" : "49236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49236" - }, - { - "name" : "kiwi-filters-code-execution(69283)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a filter in a modified file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49236" + }, + { + "name": "http://support.novell.com/security/cve/CVE-2011-2648.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2011-2648.html" + }, + { + "name": "SUSE-SU-2011:0917", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html" + }, + { + "name": "kiwi-filters-code-execution(69283)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69283" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=701814", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=701814" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3045.json b/2011/3xxx/CVE-2011-3045.json index 032b601262a..a55735860ab 100644 --- a/2011/3xxx/CVE-2011-3045.json +++ b/2011/3xxx/CVE-2011-3045.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=116162", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=116162" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" - }, - { - "name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b", - "refsource" : "CONFIRM", - "url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b" - }, - { - "name" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=125311", - "refsource" : "CONFIRM", - "url" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=125311" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=799000", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=799000" - }, - { - "name" : "DSA-2439", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2439" - }, - { - "name" : "FEDORA-2012-3705", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html" - }, - { - "name" : "FEDORA-2012-3739", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html" - }, - { - "name" : "FEDORA-2012-3507", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html" - }, - { - "name" : "FEDORA-2012-3536", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html" - }, - { - "name" : "FEDORA-2012-3545", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html" - }, - { - "name" : "FEDORA-2012-3605", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html" - }, - { - "name" : "GLSA-201206-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-15.xml" - }, - { - "name" : "MDVSA-2012:033", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:033" - }, - { - "name" : "RHSA-2012:0488", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0488.html" - }, - { - "name" : "RHSA-2012:0407", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0407.html" - }, - { - "name" : "openSUSE-SU-2012:0432", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html" - }, - { - "name" : "openSUSE-SU-2012:0466", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" - }, - { - "name" : "oval:org.mitre.oval:def:14763", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763" - }, - { - "name" : "1026823", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026823" - }, - { - "name" : "48320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48320" - }, - { - "name" : "48485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48485" - }, - { - "name" : "48512", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48512" - }, - { - "name" : "48554", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48554" - }, - { - "name" : "49660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2012-3545", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html" + }, + { + "name": "49660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49660" + }, + { + "name": "RHSA-2012:0407", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0407.html" + }, + { + "name": "MDVSA-2012:033", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:033" + }, + { + "name": "FEDORA-2012-3507", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html" + }, + { + "name": "DSA-2439", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2439" + }, + { + "name": "FEDORA-2012-3605", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html" + }, + { + "name": "48320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48320" + }, + { + "name": "http://src.chromium.org/viewvc/chrome?view=rev&revision=125311", + "refsource": "CONFIRM", + "url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=125311" + }, + { + "name": "FEDORA-2012-3739", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html" + }, + { + "name": "FEDORA-2012-3536", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html" + }, + { + "name": "openSUSE-SU-2012:0466", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" + }, + { + "name": "GLSA-201206-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" + }, + { + "name": "RHSA-2012:0488", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" + }, + { + "name": "oval:org.mitre.oval:def:14763", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=799000", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799000" + }, + { + "name": "48485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48485" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" + }, + { + "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b", + "refsource": "CONFIRM", + "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b" + }, + { + "name": "48554", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48554" + }, + { + "name": "openSUSE-SU-2012:0432", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=116162", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=116162" + }, + { + "name": "1026823", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026823" + }, + { + "name": "FEDORA-2012-3705", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html" + }, + { + "name": "48512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48512" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3088.json b/2011/3xxx/CVE-2011-3088.json index 3ba7948f01d..08b64c6bfd4 100644 --- a/2011/3xxx/CVE-2011-3088.json +++ b/2011/3xxx/CVE-2011-3088.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=120648", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=120648" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" - }, - { - "name" : "GLSA-201205-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201205-03.xml" - }, - { - "name" : "openSUSE-SU-2012:0656", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" - }, - { - "name" : "53540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53540" - }, - { - "name" : "oval:org.mitre.oval:def:15581", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15581" - }, - { - "name" : "1027067", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027067" - }, - { - "name" : "chrome-hairline-code-execution(75593)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201205-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201205-03.xml" + }, + { + "name": "openSUSE-SU-2012:0656", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" + }, + { + "name": "1027067", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027067" + }, + { + "name": "oval:org.mitre.oval:def:15581", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15581" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" + }, + { + "name": "53540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53540" + }, + { + "name": "chrome-hairline-code-execution(75593)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75593" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=120648", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=120648" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3219.json b/2011/3xxx/CVE-2011-3219.json index 16c0724f262..54fa430cd47 100644 --- a/2011/3xxx/CVE-2011-3219.json +++ b/2011/3xxx/CVE-2011-3219.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "http://support.apple.com/kb/HT5016", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5016" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "76374", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76374" - }, - { - "name" : "oval:org.mitre.oval:def:17228", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17228", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17228" + }, + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5016", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5016" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "76374", + "refsource": "OSVDB", + "url": "http://osvdb.org/76374" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3557.json b/2011/3xxx/CVE-2011-3557.json index 7c8dc552295..0d9cf75113c 100644 --- a/2011/3xxx/CVE-2011-3557.json +++ b/2011/3xxx/CVE-2011-3557.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02730", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "SSRT100710", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBUX02760", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2" - }, - { - "name" : "HPSBUX02777", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100805", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2" - }, - { - "name" : "SSRT100854", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:1384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1384.html" - }, - { - "name" : "RHSA-2012:0006", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2012-0006.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2012:0508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0508.html" - }, - { - "name" : "SUSE-SU-2012:0114", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" - }, - { - "name" : "SUSE-SU-2012:0122", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" - }, - { - "name" : "SUSE-SU-2012:0602", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html" - }, - { - "name" : "USN-1263-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1263-1" - }, - { - "name" : "50234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50234" - }, - { - "name" : "76506", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76506" - }, - { - "name" : "oval:org.mitre.oval:def:14373", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373" - }, - { - "name" : "1026215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026215" - }, - { - "name" : "49198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49198" - }, - { - "name" : "48692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48692" - }, - { - "name" : "48915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48915" - }, - { - "name" : "48948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48948" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - }, - { - "name" : "oracle-jre-rmi-unspecified(70836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50234" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "48692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48692" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "SSRT100805", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2" + }, + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "oracle-jre-rmi-unspecified(70836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70836" + }, + { + "name": "HPSBUX02730", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "SUSE-SU-2012:0602", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html" + }, + { + "name": "SUSE-SU-2012:0114", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "oval:org.mitre.oval:def:14373", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373" + }, + { + "name": "SSRT100710", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "48948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48948" + }, + { + "name": "RHSA-2011:1384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html" + }, + { + "name": "48915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48915" + }, + { + "name": "76506", + "refsource": "OSVDB", + "url": "http://osvdb.org/76506" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" + }, + { + "name": "RHSA-2012:0508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "49198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49198" + }, + { + "name": "RHSA-2012:0006", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html" + }, + { + "name": "SUSE-SU-2012:0122", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" + }, + { + "name": "HPSBUX02777", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "HPSBUX02760", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2" + }, + { + "name": "SSRT100854", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "1026215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026215" + }, + { + "name": "USN-1263-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1263-1" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4159.json b/2011/4xxx/CVE-2011-4159.json index ea88602a7ee..ef49da6c52e 100644 --- a/2011/4xxx/CVE-2011-4159.json +++ b/2011/4xxx/CVE-2011-4159.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-4159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02724", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03089106" - }, - { - "name" : "SSRT100650", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03089106" - }, - { - "name" : "oval:org.mitre.oval:def:14353", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100650", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03089106" + }, + { + "name": "oval:org.mitre.oval:def:14353", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14353" + }, + { + "name": "HPSBUX02724", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03089106" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4212.json b/2011/4xxx/CVE-2011-4212.json index 2c88ce6ce8f..bfe6d07ef54 100644 --- a/2011/4xxx/CVE-2011-4212.json +++ b/2011/4xxx/CVE-2011-4212.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.watchfire.com/files/googleappenginesdk.pdf", - "refsource" : "MISC", - "url" : "http://blog.watchfire.com/files/googleappenginesdk.pdf" - }, - { - "name" : "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes", - "refsource" : "MISC", - "url" : "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes" - }, - { - "name" : "google-apps-ospopen-priv-esc(71063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes", + "refsource": "MISC", + "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes" + }, + { + "name": "http://blog.watchfire.com/files/googleappenginesdk.pdf", + "refsource": "MISC", + "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf" + }, + { + "name": "google-apps-ospopen-priv-esc(71063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71063" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4235.json b/2011/4xxx/CVE-2011-4235.json index 92c6c9b6070..4d5d212f40e 100644 --- a/2011/4xxx/CVE-2011-4235.json +++ b/2011/4xxx/CVE-2011-4235.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4235", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4235", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4538.json b/2011/4xxx/CVE-2011-4538.json index dbebf4162fb..435ca2c1351 100644 --- a/2011/4xxx/CVE-2011-4538.json +++ b/2011/4xxx/CVE-2011-4538.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4538", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4538", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4557.json b/2011/4xxx/CVE-2011-4557.json index b3ad5282d0c..8c5f104d6c0 100644 --- a/2011/4xxx/CVE-2011-4557.json +++ b/2011/4xxx/CVE-2011-4557.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4557", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4557", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4640.json b/2011/4xxx/CVE-2011-4640.json index 0b4a40e93aa..4b8bb7b6a5d 100644 --- a/2011/4xxx/CVE-2011-4640.json +++ b/2011/4xxx/CVE-2011-4640.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sec-1.com/blog/?p=211", - "refsource" : "MISC", - "url" : "http://www.sec-1.com/blog/?p=211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sec-1.com/blog/?p=211", + "refsource": "MISC", + "url": "http://www.sec-1.com/blog/?p=211" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0173.json b/2013/0xxx/CVE-2013-0173.json index 075831b8031..5298c6e292b 100644 --- a/2013/0xxx/CVE-2013-0173.json +++ b/2013/0xxx/CVE-2013-0173.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Foreman before 1.1 uses a salt of \"foreman\" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.theforeman.org/issues/2069", - "refsource" : "CONFIRM", - "url" : "http://projects.theforeman.org/issues/2069" - }, - { - "name" : "http://theforeman.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://theforeman.org/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Foreman before 1.1 uses a salt of \"foreman\" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://projects.theforeman.org/issues/2069", + "refsource": "CONFIRM", + "url": "http://projects.theforeman.org/issues/2069" + }, + { + "name": "http://theforeman.org/security.html", + "refsource": "CONFIRM", + "url": "http://theforeman.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0817.json b/2013/0xxx/CVE-2013-0817.json index 4357be677e8..c7d14f9ff37 100644 --- a/2013/0xxx/CVE-2013-0817.json +++ b/2013/0xxx/CVE-2013-0817.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0817", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0817", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0980.json b/2013/0xxx/CVE-2013-0980.json index 680c6ba0232..f6ea4e1662d 100644 --- a/2013/0xxx/CVE-2013-0980.json +++ b/2013/0xxx/CVE-2013-0980.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-0980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5704", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5704" - }, - { - "name" : "APPLE-SA-2013-03-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-03-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT5704", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5704" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1011.json b/2013/1xxx/CVE-2013-1011.json index 90743c03b74..07af735201a 100644 --- a/2013/1xxx/CVE-2013-1011.json +++ b/2013/1xxx/CVE-2013-1011.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-1011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5766", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5766" - }, - { - "name" : "http://support.apple.com/kb/HT5785", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5785" - }, - { - "name" : "APPLE-SA-2013-05-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html" - }, - { - "name" : "APPLE-SA-2013-06-04-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" - }, - { - "name" : "oval:org.mitre.oval:def:17407", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5785", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5785" + }, + { + "name": "oval:org.mitre.oval:def:17407", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17407" + }, + { + "name": "APPLE-SA-2013-06-04-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT5766", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5766" + }, + { + "name": "APPLE-SA-2013-05-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1538.json b/2013/1xxx/CVE-2013-1538.json index 647e83ce145..2a3f053fe73 100644 --- a/2013/1xxx/CVE-2013-1538.json +++ b/2013/1xxx/CVE-2013-1538.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "SUSE-SU-2013:0810", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00005.html" - }, - { - "name" : "SUSE-SU-2013:0811", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0810", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00005.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "SUSE-SU-2013:0811", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00006.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1619.json b/2013/1xxx/CVE-2013-1619.json index 8fbee3ac384..4a0e94fef04 100644 --- a/2013/1xxx/CVE-2013-1619.json +++ b/2013/1xxx/CVE-2013-1619.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/02/05/24" - }, - { - "name" : "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", - "refsource" : "MISC", - "url" : "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" - }, - { - "name" : "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html", - "refsource" : "CONFIRM", - "url" : "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html" - }, - { - "name" : "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1", - "refsource" : "CONFIRM", - "url" : "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1" - }, - { - "name" : "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0", - "refsource" : "CONFIRM", - "url" : "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0" - }, - { - "name" : "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198", - "refsource" : "CONFIRM", - "url" : "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198" - }, - { - "name" : "RHSA-2013:0588", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0588.html" - }, - { - "name" : "openSUSE-SU-2013:0807", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html" - }, - { - "name" : "SUSE-SU-2014:0320", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" - }, - { - "name" : "SUSE-SU-2014:0322", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" - }, - { - "name" : "openSUSE-SU-2014:0346", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" - }, - { - "name" : "USN-1752-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1752-1" - }, - { - "name" : "57260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57260" - }, - { - "name" : "57274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57260" + }, + { + "name": "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0", + "refsource": "CONFIRM", + "url": "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0" + }, + { + "name": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1", + "refsource": "CONFIRM", + "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1" + }, + { + "name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", + "refsource": "MISC", + "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" + }, + { + "name": "57274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57274" + }, + { + "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/02/05/24" + }, + { + "name": "SUSE-SU-2014:0320", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" + }, + { + "name": "SUSE-SU-2014:0322", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" + }, + { + "name": "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html", + "refsource": "CONFIRM", + "url": "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html" + }, + { + "name": "USN-1752-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1752-1" + }, + { + "name": "openSUSE-SU-2013:0807", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html" + }, + { + "name": "openSUSE-SU-2014:0346", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" + }, + { + "name": "RHSA-2013:0588", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0588.html" + }, + { + "name": "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198", + "refsource": "CONFIRM", + "url": "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1833.json b/2013/1xxx/CVE-2013-1833.json index ec61d338612..bf5fa74326a 100644 --- a/2013/1xxx/CVE-2013-1833.json +++ b/2013/1xxx/CVE-2013-1833.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130325 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/03/25/2" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=225344", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=225344" - }, - { - "name" : "FEDORA-2013-4387", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" - }, - { - "name" : "FEDORA-2013-4404", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2013-4387", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=225344", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=225344" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507" + }, + { + "name": "FEDORA-2013-4404", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" + }, + { + "name": "[oss-security] 20130325 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/03/25/2" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5019.json b/2013/5xxx/CVE-2013-5019.json index eacbcc8a6dc..220cb1f7f8d 100644 --- a/2013/5xxx/CVE-2013-5019.json +++ b/2013/5xxx/CVE-2013-5019.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "26739", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/26739" - }, - { - "name" : "31736", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/31736" - }, - { - "name" : "31814", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/31814" - }, - { - "name" : "44472", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44472/" - }, - { - "name" : "61130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61130" - }, - { - "name" : "95164", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/95164" - }, - { - "name" : "ultraminihttpd-resourcename-bo(85599)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95164", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/95164" + }, + { + "name": "ultraminihttpd-resourcename-bo(85599)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85599" + }, + { + "name": "61130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61130" + }, + { + "name": "26739", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/26739" + }, + { + "name": "44472", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44472/" + }, + { + "name": "31736", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/31736" + }, + { + "name": "31814", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/31814" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5944.json b/2013/5xxx/CVE-2013-5944.json index bc2606abf5a..b7575a6b509 100644 --- a/2013/5xxx/CVE-2013-5944.json +++ b/2013/5xxx/CVE-2013-5944.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2685.json b/2014/2xxx/CVE-2014-2685.json index 0769bc2e7c6..bd46b8569f1 100644 --- a/2014/2xxx/CVE-2014-2685.json +++ b/2014/2xxx/CVE-2014-2685.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/0" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0151.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0151.html" - }, - { - "name" : "http://framework.zend.com/security/advisory/ZF2014-02", - "refsource" : "CONFIRM", - "url" : "http://framework.zend.com/security/advisory/ZF2014-02" - }, - { - "name" : "DSA-3265", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3265" - }, - { - "name" : "MDVSA-2014:072", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" - }, - { - "name" : "66358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/0" + }, + { + "name": "MDVSA-2014:072", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0151.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0151.html" + }, + { + "name": "66358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66358" + }, + { + "name": "DSA-3265", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3265" + }, + { + "name": "http://framework.zend.com/security/advisory/ZF2014-02", + "refsource": "CONFIRM", + "url": "http://framework.zend.com/security/advisory/ZF2014-02" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2804.json b/2014/2xxx/CVE-2014-2804.json index 675ab6f8989..5cf6ef64345 100644 --- a/2014/2xxx/CVE-2014-2804.json +++ b/2014/2xxx/CVE-2014-2804.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2798." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" - }, - { - "name" : "68386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68386" - }, - { - "name" : "1030532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030532" - }, - { - "name" : "59775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2798." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68386" + }, + { + "name": "MS14-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" + }, + { + "name": "59775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59775" + }, + { + "name": "1030532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030532" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2805.json b/2014/2xxx/CVE-2014-2805.json index 42617efc93d..dccf1f4c64a 100644 --- a/2014/2xxx/CVE-2014-2805.json +++ b/2014/2xxx/CVE-2014-2805.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2805", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-2805", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6122.json b/2014/6xxx/CVE-2014-6122.json index 7e51a05119f..dff173170d7 100644 --- a/2014/6xxx/CVE-2014-6122.json +++ b/2014/6xxx/CVE-2014-6122.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693035", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693035" - }, - { - "name" : "1031427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031427" - }, - { - "name" : "ibm-appscan-cve20146122-sec-bypass(96723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031427", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031427" + }, + { + "name": "ibm-appscan-cve20146122-sec-bypass(96723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96723" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693035", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693035" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0984.json b/2017/0xxx/CVE-2017-0984.json index 63bf4036c78..532d134291d 100644 --- a/2017/0xxx/CVE-2017-0984.json +++ b/2017/0xxx/CVE-2017-0984.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0984", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0984", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000187.json b/2017/1000xxx/CVE-2017-1000187.json index aa8b225a005..6fea484ed61 100644 --- a/2017/1000xxx/CVE-2017-1000187.json +++ b/2017/1000xxx/CVE-2017-1000187.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.409205", - "ID" : "CVE-2017-1000187", - "REQUESTER" : "vuln_reporter@srcms.xyz", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "swftools", - "version" : { - "version_data" : [ - { - "version_value" : "latest" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.409205", + "ID": "CVE-2017-1000187", + "REQUESTER": "vuln_reporter@srcms.xyz", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/matthiaskramm/swftools/issues/36", - "refsource" : "MISC", - "url" : "https://github.com/matthiaskramm/swftools/issues/36" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/matthiaskramm/swftools/issues/36", + "refsource": "MISC", + "url": "https://github.com/matthiaskramm/swftools/issues/36" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000419.json b/2017/1000xxx/CVE-2017-1000419.json index 86c30482a85..7a8bfac0747 100644 --- a/2017/1000xxx/CVE-2017-1000419.json +++ b/2017/1000xxx/CVE-2017-1000419.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000419", - "REQUESTER" : "j.singh@sec-consult.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "phpBB", - "version" : { - "version_data" : [ - { - "version_value" : "3.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "phpBB" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server Side Request Forgery (SSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000419", + "REQUESTER": "j.singh@sec-consult.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html" - }, - { - "name" : "https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136", - "refsource" : "CONFIRM", - "url" : "https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136", + "refsource": "CONFIRM", + "url": "https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16179.json b/2017/16xxx/CVE-2017-16179.json index 4fe194a35a6..91596fc20ba 100644 --- a/2017/16xxx/CVE-2017-16179.json +++ b/2017/16xxx/CVE-2017-16179.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "dasafio node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url. File access is restricted to only .html files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "dasafio node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/dasafio", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/dasafio" - }, - { - "name" : "https://nodesecurity.io/advisories/460", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url. File access is restricted to only .html files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/dasafio", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/dasafio" + }, + { + "name": "https://nodesecurity.io/advisories/460", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/460" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16209.json b/2017/16xxx/CVE-2017-16209.json index a4513280a79..438dec9740c 100644 --- a/2017/16xxx/CVE-2017-16209.json +++ b/2017/16xxx/CVE-2017-16209.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "enserver node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "enserver node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/enserver", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/enserver" - }, - { - "name" : "https://nodesecurity.io/advisories/425", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/425", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/425" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/enserver", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/enserver" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16420.json b/2017/16xxx/CVE-2017-16420.json index 1bfe598db15..62181784697 100644 --- a/2017/16xxx/CVE-2017-16420.json +++ b/2017/16xxx/CVE-2017-16420.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "102140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102140" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "102140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102140" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16920.json b/2017/16xxx/CVE-2017-16920.json index f19277eedda..9e969658fdf 100644 --- a/2017/16xxx/CVE-2017-16920.json +++ b/2017/16xxx/CVE-2017-16920.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitee.com/dayrui/finecms/commit/ff4b7ad3c3fbd3245b3bb7bc774d20c9705d9882", - "refsource" : "MISC", - "url" : "https://gitee.com/dayrui/finecms/commit/ff4b7ad3c3fbd3245b3bb7bc774d20c9705d9882" - }, - { - "name" : "https://user-images.githubusercontent.com/31153532/33065202-21b536f2-cee3-11e7-997a-c7d4f1b00ca7.jpg", - "refsource" : "MISC", - "url" : "https://user-images.githubusercontent.com/31153532/33065202-21b536f2-cee3-11e7-997a-c7d4f1b00ca7.jpg" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitee.com/dayrui/finecms/commit/ff4b7ad3c3fbd3245b3bb7bc774d20c9705d9882", + "refsource": "MISC", + "url": "https://gitee.com/dayrui/finecms/commit/ff4b7ad3c3fbd3245b3bb7bc774d20c9705d9882" + }, + { + "name": "https://user-images.githubusercontent.com/31153532/33065202-21b536f2-cee3-11e7-997a-c7d4f1b00ca7.jpg", + "refsource": "MISC", + "url": "https://user-images.githubusercontent.com/31153532/33065202-21b536f2-cee3-11e7-997a-c7d4f1b00ca7.jpg" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1991.json b/2017/1xxx/CVE-2017-1991.json index 04f8e4e1eac..198d11d3d61 100644 --- a/2017/1xxx/CVE-2017-1991.json +++ b/2017/1xxx/CVE-2017-1991.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1991", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1991", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4060.json b/2017/4xxx/CVE-2017-4060.json index 697bf399b78..f14fd8ad160 100644 --- a/2017/4xxx/CVE-2017-4060.json +++ b/2017/4xxx/CVE-2017-4060.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4060", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4060", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4445.json b/2017/4xxx/CVE-2017-4445.json index bf1c89f43b0..9af0cfd5fa0 100644 --- a/2017/4xxx/CVE-2017-4445.json +++ b/2017/4xxx/CVE-2017-4445.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4445", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4445", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4642.json b/2017/4xxx/CVE-2017-4642.json index b69a38aaa27..430057b688c 100644 --- a/2017/4xxx/CVE-2017-4642.json +++ b/2017/4xxx/CVE-2017-4642.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4642", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4642", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4928.json b/2017/4xxx/CVE-2017-4928.json index eb2c0ecfef7..d8a7c88658e 100644 --- a/2017/4xxx/CVE-2017-4928.json +++ b/2017/4xxx/CVE-2017-4928.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2017-11-09T00:00:00", - "ID" : "CVE-2017-4928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "vSphere Web Client", - "version" : { - "version_data" : [ - { - "version_value" : "6.0 prior to 6.0 U3c" - }, - { - "version_value" : "5.5 prior to 5.5 U3f" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server-side request forgery and carriage return line feed injection issues" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2017-11-09T00:00:00", + "ID": "CVE-2017-4928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vSphere Web Client", + "version": { + "version_data": [ + { + "version_value": "6.0 prior to 6.0 U3c" + }, + { + "version_value": "5.5 prior to 5.5 U3f" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2017-0017.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2017-0017.html" - }, - { - "name" : "101785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101785" - }, - { - "name" : "1039759", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-side request forgery and carriage return line feed injection issues" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html" + }, + { + "name": "1039759", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039759" + }, + { + "name": "101785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101785" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4962.json b/2017/4xxx/CVE-2017-4962.json index 9ed5fff8bf2..4d4464b47e8 100644 --- a/2017/4xxx/CVE-2017-4962.json +++ b/2017/4xxx/CVE-2017-4962.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4962", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4962", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5307.json b/2018/5xxx/CVE-2018-5307.json index ce94018333b..2864061dee6 100644 --- a/2018/5xxx/CVE-2018-5307.json +++ b/2018/5xxx/CVE-2018-5307.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the \"File Upload\" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180208 SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Feb/23" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html" - }, - { - "name" : "https://support.sonatype.com/hc/en-us/articles/360000134928", - "refsource" : "CONFIRM", - "url" : "https://support.sonatype.com/hc/en-us/articles/360000134928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the \"File Upload\" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180208 SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Feb/23" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html" + }, + { + "name": "https://support.sonatype.com/hc/en-us/articles/360000134928", + "refsource": "CONFIRM", + "url": "https://support.sonatype.com/hc/en-us/articles/360000134928" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5340.json b/2018/5xxx/CVE-2018-5340.json index c7b4d55cd4c..2cf7bb60ef7 100644 --- a/2018/5xxx/CVE-2018-5340.json +++ b/2018/5xxx/CVE-2018-5340.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/", - "refsource" : "MISC", - "url" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/" - }, - { - "name" : "https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html" + }, + { + "name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/", + "refsource": "MISC", + "url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5486.json b/2018/5xxx/CVE-2018-5486.json index 4a6786a497a..a74b06853d8 100644 --- a/2018/5xxx/CVE-2018-5486.json +++ b/2018/5xxx/CVE-2018-5486.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@netapp.com", - "DATE_PUBLIC" : "2018-04-25T00:00:00", - "ID" : "CVE-2018-5486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OnCommand Unified Manager for Linux", - "version" : { - "version_data" : [ - { - "version_value" : "7.2 though 7.3" - } - ] - } - } - ] - }, - "vendor_name" : "NetApp " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE 250" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@netapp.com", + "DATE_PUBLIC": "2018-04-25T00:00:00", + "ID": "CVE-2018-5486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OnCommand Unified Manager for Linux", + "version": { + "version_data": [ + { + "version_value": "7.2 though 7.3" + } + ] + } + } + ] + }, + "vendor_name": "NetApp " + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.netapp.com/advisory/ntap-20180425-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180425-0001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 250" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20180425-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180425-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5727.json b/2018/5xxx/CVE-2018-5727.json index 9b9cc964753..ca0687d9ed6 100644 --- a/2018/5xxx/CVE-2018-5727.json +++ b/2018/5xxx/CVE-2018-5727.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/uclouvain/openjpeg/issues/1053", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/issues/1053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/uclouvain/openjpeg/issues/1053", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/issues/1053" + } + ] + } +} \ No newline at end of file