diff --git a/2001/0xxx/CVE-2001-0861.json b/2001/0xxx/CVE-2001-0861.json
index d0e5f4ec41f..a7fb6ab09c5 100644
--- a/2001/0xxx/CVE-2001-0861.json
+++ b/2001/0xxx/CVE-2001-0861.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011114 ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/GSR-unreachables-pub.shtml" - }, - { - "name" : "M-018", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-018.shtml" - }, - { - "name" : "cisco-icmp-unreachable-dos(7536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7536" - }, - { - "name" : "3534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3534" - }, - { - "name" : "794", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/794" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "M-018", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-018.shtml" + }, + { + "name": "cisco-icmp-unreachable-dos(7536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7536" + }, + { + "name": "794", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/794" + }, + { + "name": "20011114 ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/GSR-unreachables-pub.shtml" + }, + { + "name": "3534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3534" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1180.json b/2001/1xxx/CVE-2001-1180.json index e8a69525051..ed5fe1366d6 100644 --- a/2001/1xxx/CVE-2001-1180.json +++ b/2001/1xxx/CVE-2001-1180.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010710 FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html" - }, - { - "name" : "L-111", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/l-111.shtml" - }, - { - "name" : "VU#943633", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/943633" - }, - { - "name" : "FreeBSD-SA-01:42", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc" - }, - { - "name" : "bsd-rfork-signal-handlers(6829)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/6829" - }, - { - "name" : "3007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3007" - }, - { - "name" : "1897", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "L-111", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/l-111.shtml" + }, + { + "name": "bsd-rfork-signal-handlers(6829)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6829" + }, + { + "name": "1897", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1897" + }, + { + "name": "20010710 FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html" + }, + { + "name": "FreeBSD-SA-01:42", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc" + }, + { + "name": "VU#943633", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/943633" + }, + { + "name": "3007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3007" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1256.json b/2001/1xxx/CVE-2001-1256.json index bb924e144ad..5053112062f 100644 --- a/2001/1xxx/CVE-2001-1256.json +++ b/2001/1xxx/CVE-2001-1256.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010604 yet another sym link followers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/188568" - }, - { - "name" : "VU#127435", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/127435" - }, - { - "name" : "L-093", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/l-093.shtml" - }, - { - "name" : "HPSBUX0106-153", - "refsource" : "HP", - "url" : "http://online.securityfocus.com/advisories/3354" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/TJSL-4Z5Q92", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/TJSL-4Z5Q92" - }, - { - "name" : "oval:org.mitre.oval:def:5628", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5628" - }, - { - "name" : "hpux-kmmodreg-symlink(6656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6656" - }, - { - "name" : "2821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5628", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5628" + }, + { + "name": "20010604 yet another sym link followers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/188568" + }, + { + "name": "L-093", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/l-093.shtml" + }, + { + "name": "2821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2821" + }, + { + "name": "VU#127435", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/127435" + }, + { + "name": "http://www.kb.cert.org/vuls/id/TJSL-4Z5Q92", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/TJSL-4Z5Q92" + }, + { + "name": "HPSBUX0106-153", + "refsource": "HP", + "url": "http://online.securityfocus.com/advisories/3354" + }, + { + "name": "hpux-kmmodreg-symlink(6656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6656" + } + ] + } +} \ No newline at end of file 
diff --git a/2001/1xxx/CVE-2001-1392.json b/2001/1xxx/CVE-2001-1392.json
index 94becb83997..cf62444953c 100644
--- a/2001/1xxx/CVE-2001-1392.json
+++ b/2001/1xxx/CVE-2001-1392.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010405 Trustix Security Advisory #2001-0003 - kernel", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98653252326445&w=2" - }, - { - "name" : "20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98684172109474&w=2" - }, - { - "name" : "http://www.linux.org.uk/VERSION/relnotes.2219.html", - "refsource" : "CONFIRM", - "url" : "http://www.linux.org.uk/VERSION/relnotes.2219.html" - }, - { - "name" : "IMNX-2001-70-010-01", - "refsource" : "IMMUNIX", - "url" : "http://marc.info/?l=bugtraq&m=98575345009963&w=2" - }, - { - "name" : "CSSA-2001-012.0", - "refsource" : "CALDERA", - "url" : "http://marc.info/?l=bugtraq&m=98637996127004&w=2" - }, - 
{ - "name" : "MDKSA-2001:037", - "refsource" : "MANDRAKE", - "url" : "http://marc.info/?l=bugtraq&m=98759029811377&w=2" - }, - { - "name" : "DSA-047", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2001/dsa-047" - }, - { - "name" : "SuSE-SA:2001:018", - "refsource" : "SUSE", - "url" : "http://marc.info/?l=bugtraq&m=99013830726309&w=2" - }, - { - "name" : "CLA-2001:394", - "refsource" : "CONECTIVA", - "url" : "http://marc.info/?l=bugtraq&m=98775114228203&w=2" - }, - { - "name" : "RHSA-2001:047", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-047.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2001:047", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-047.html" + }, + { + "name": "CSSA-2001-012.0", + "refsource": "CALDERA", + "url": "http://marc.info/?l=bugtraq&m=98637996127004&w=2" + }, + { + "name": "http://www.linux.org.uk/VERSION/relnotes.2219.html", + "refsource": "CONFIRM", + "url": "http://www.linux.org.uk/VERSION/relnotes.2219.html" + }, + { + "name": "DSA-047", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2001/dsa-047" + }, + { + "name": "MDKSA-2001:037", + "refsource": "MANDRAKE", + "url": "http://marc.info/?l=bugtraq&m=98759029811377&w=2" + }, + { + "name": "20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98684172109474&w=2" + }, + { + "name": 
"IMNX-2001-70-010-01", + "refsource": "IMMUNIX", + "url": "http://marc.info/?l=bugtraq&m=98575345009963&w=2" + }, + { + "name": "CLA-2001:394", + "refsource": "CONECTIVA", + "url": "http://marc.info/?l=bugtraq&m=98775114228203&w=2" + }, + { + "name": "20010405 Trustix Security Advisory #2001-0003 - kernel", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98653252326445&w=2" + }, + { + "name": "SuSE-SA:2001:018", + "refsource": "SUSE", + "url": "http://marc.info/?l=bugtraq&m=99013830726309&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2023.json b/2006/2xxx/CVE-2006-2023.json index 4e64d55abfe..21eeafa67b1 100644 --- a/2006/2xxx/CVE-2006-2023.json +++ b/2006/2xxx/CVE-2006-2023.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060423 Buffer-overflow and crash in Fenice OMS 1.10", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431870/100/0/threaded" - }, - { - "name" : "20060607 Re: Buffer-overflow and crash in Fenice OMS 1.10", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436256/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/fenicex-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/fenicex-adv.txt" - }, - { - "name" : "17678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17678" - }, - { - "name" : "ADV-2006-1491", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/1491" - }, - { - "name" : "24882", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24882" - }, - { - "name" : "19770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19770" - }, - { - "name" : "794", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/794" - }, - { - "name" : "fenice-contentlength-dos(26080)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19770" + }, + { + "name": "17678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17678" + }, + { + "name": "fenice-contentlength-dos(26080)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26080" + }, + { + "name": "http://aluigi.altervista.org/adv/fenicex-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/fenicex-adv.txt" + }, + { + "name": "20060423 Buffer-overflow and crash in Fenice OMS 1.10", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431870/100/0/threaded" + }, + { + "name": "794", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/794" + }, + { + "name": "ADV-2006-1491", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/1491" + }, + { + "name": "20060607 Re: Buffer-overflow and crash in Fenice OMS 1.10", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436256/100/0/threaded" + }, + { + "name": "24882", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24882" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2091.json b/2006/2xxx/CVE-2006-2091.json index 2a3f77bd109..9e0b23c7bdc 100644 --- a/2006/2xxx/CVE-2006-2091.json +++ b/2006/2xxx/CVE-2006-2091.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060423 VWar Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431900/100/0/threaded" - }, - { - "name" : "818", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/818" - }, - { - "name" : "virtualwar-admin-path-disclosure(26006)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which 
reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060423 VWar Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431900/100/0/threaded" + }, + { + "name": "818", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/818" + }, + { + "name": "virtualwar-admin-path-disclosure(26006)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26006" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2529.json b/2006/2xxx/CVE-2006-2529.json index 7ec804a617c..8de20daa8c2 100644 --- a/2006/2xxx/CVE-2006-2529.json +++ b/2006/2xxx/CVE-2006-2529.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fckeditor.net/whatsnew/default.html", - "refsource" : "CONFIRM", - "url" : "http://www.fckeditor.net/whatsnew/default.html" - }, - { - "name" : "18029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18029" - }, - { - "name" : "ADV-2006-1856", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1856" - }, - { - "name" : "25631", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25631" - }, - { - "name" : "20122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25631", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25631" + }, + { + "name": "20122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20122" + }, + { + "name": "http://www.fckeditor.net/whatsnew/default.html", + "refsource": "CONFIRM", + "url": "http://www.fckeditor.net/whatsnew/default.html" + }, + { + "name": "ADV-2006-1856", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1856" + }, + { + "name": "18029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18029" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2990.json b/2006/2xxx/CVE-2006-2990.json index d7000d6483f..4ffb84fae21 100644 --- a/2006/2xxx/CVE-2006-2990.json +++ b/2006/2xxx/CVE-2006-2990.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/vanillasoft-helpdesk-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/vanillasoft-helpdesk-xss-vuln.html" - }, - { - "name" : "18368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18368" - }, - { - "name" : "ADV-2006-2247", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2247" - }, - { - "name" : "1016254", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016254" - }, - { - "name" : "20544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20544" - }, - { - "name" : "vanillasoft-helpdesk-default-xss(27020)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/06/vanillasoft-helpdesk-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/vanillasoft-helpdesk-xss-vuln.html" + }, + { + "name": "20544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20544" + }, + { + "name": "1016254", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016254" + }, + { + "name": "18368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18368" + }, + { + "name": "ADV-2006-2247", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2247" + }, + { + "name": "vanillasoft-helpdesk-default-xss(27020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27020" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5225.json b/2008/5xxx/CVE-2008-5225.json index 04614abd791..7e01fe7c92e 100644 --- a/2008/5xxx/CVE-2008-5225.json +++ b/2008/5xxx/CVE-2008-5225.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080529 XEROX DocuShare URL XSS Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492766/100/0/threaded" - }, - { - "name" : "20080603 Advisory: Xerox Workaround & planned patch", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492960/100/0/threaded" - }, - { - "name" : "https://docushare.xerox.com/doug/dsweb/Get/Document-20353/SA30426-workaround.html", - "refsource" : "MISC", - "url" : "https://docushare.xerox.com/doug/dsweb/Get/Document-20353/SA30426-workaround.html" - }, - { - "name" : 
"https://docushare.xerox.com/doug/dsweb/View/Collection-7503", - "refsource" : "MISC", - "url" : "https://docushare.xerox.com/doug/dsweb/View/Collection-7503" - }, - { - "name" : "29430", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29430" - }, - { - "name" : "1020147", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020147" - }, - { - "name" : "ADV-2008-1701", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1701/references" - }, - { - "name" : "30426", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30426" - }, - { - "name" : "4638", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4638" - }, - { - "name" : "xerox-docushare-dsweb-xss(42748)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42748" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080529 XEROX DocuShare URL XSS Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492766/100/0/threaded" + }, + { + "name": "20080603 Advisory: Xerox Workaround & planned patch", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492960/100/0/threaded" + }, + { + "name": "https://docushare.xerox.com/doug/dsweb/Get/Document-20353/SA30426-workaround.html", + "refsource": "MISC", + "url": "https://docushare.xerox.com/doug/dsweb/Get/Document-20353/SA30426-workaround.html" + }, + { + "name": "29430", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29430" + }, + { + "name": "ADV-2008-1701", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1701/references" + }, + { + "name": "1020147", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020147" + }, + { + "name": "30426", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30426" + }, + { + "name": "https://docushare.xerox.com/doug/dsweb/View/Collection-7503", + "refsource": "MISC", + "url": "https://docushare.xerox.com/doug/dsweb/View/Collection-7503" + }, + { + "name": "xerox-docushare-dsweb-xss(42748)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42748" + }, + { + "name": "4638", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4638" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5338.json b/2008/5xxx/CVE-2008-5338.json index d76c987e8f2..f8f729aa25b 100644 --- a/2008/5xxx/CVE-2008-5338.json +++ b/2008/5xxx/CVE-2008-5338.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7215", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7215" - }, - { - "name" : "http://z0rlu.blogspot.com/2008/11/bandwebsite-15-sqlxss-multiple-remote.html", - "refsource" : "MISC", - "url" : "http://z0rlu.blogspot.com/2008/11/bandwebsite-15-sqlxss-multiple-remote.html" - }, - { - "name" : "32454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32454" - }, - { - "name" : "4689", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4689" - }, - { - "name" : "bandwebsite-info-xss(46817)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32454" + }, + { + "name": "4689", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4689" + }, + { + "name": "bandwebsite-info-xss(46817)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46817" + }, + { + "name": "http://z0rlu.blogspot.com/2008/11/bandwebsite-15-sqlxss-multiple-remote.html", + "refsource": "MISC", + "url": "http://z0rlu.blogspot.com/2008/11/bandwebsite-15-sqlxss-multiple-remote.html" + }, + { + "name": "7215", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7215" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2180.json b/2011/2xxx/CVE-2011-2180.json index 2e9c66fb854..02e66f96752 100644 --- a/2011/2xxx/CVE-2011-2180.json +++ b/2011/2xxx/CVE-2011-2180.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in dereferer.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_link parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110602 CVE request: Multiple security vulnerabilities in ARSC Really Simple Chat", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/02/1" - }, - { - "name" : "[oss-security] 20110602 Re: CVE request: Multiple security vulnerabilities in ARSC Really Simple Chat", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/02/7" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_in_a_really_simple_chat_arsc.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_in_a_really_simple_chat_arsc.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in dereferer.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_link parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110602 CVE request: Multiple security vulnerabilities in ARSC Really Simple Chat", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/02/1" + }, + { + "name": "[oss-security] 20110602 Re: CVE request: Multiple security vulnerabilities in ARSC Really Simple Chat", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/02/7" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_in_a_really_simple_chat_arsc.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_in_a_really_simple_chat_arsc.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2711.json b/2011/2xxx/CVE-2011-2711.json index d3c1c00a289..e9ba88a98b8 100644 --- a/2011/2xxx/CVE-2011-2711.json +++ b/2011/2xxx/CVE-2011-2711.json 
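Review bot: The one semantic change in this hunk is easy to miss: `"ASSIGNER"` goes from `cve@mitre.org` to `secalert@redhat.com`, while every other changed line appears to differ only in whitespace. The hunks for CVE-2011-2711 (same new value) and CVE-2011-3213 (`product-security@apple.com`) do the same, and there the change is also mixed with reordered `reference_data` entries. Any consumer that attributes records by assigner will see these as new values. It would be safer to land the attribution changes separately from the reformat, or to review this commit by comparing parsed JSON rather than text. The new side of each file also ends without a trailing newline (`\ No newline at end of file`).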
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[cgit] 20110722 [PATCH] Fix potential XSS vulnerability in rename hint", - "refsource" : "MLIST", - "url" : "http://hjemli.net/pipermail/cgit/2011-July/000276.html" - }, - { - "name" : "[oss-security] 20110722 CVE Request -- cGit -- XSS flaw in rename hint", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/22/2" - }, - { - "name" : "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/22/6" - }, - { - "name" : "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2011/07/22/7" - }, - { - "name" : "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/24/3" - }, - { - "name" : "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/24/4" - }, - { - "name" : "http://hjemli.net/git/cgit/commit/?h=stable&id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5", - "refsource" : "CONFIRM", - "url" : "http://hjemli.net/git/cgit/commit/?h=stable&id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=725042", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=725042" - }, - { - "name" : "openSUSE-SU-2011:0891", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/10998459" - }, - { - "name" : "48866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48866" - }, - { - "name" : "74050", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/74050" - }, - { - "name" : "45358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45358" - }, - { - "name" : "45541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45541" - }, - { - "name" : "cgit-renamehint-xss(68754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/24/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=725042", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725042" + }, + { + "name": "48866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48866" + }, + { + "name": "[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/24/3" + }, + { + "name": "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/22/6" + }, + { + "name": "http://hjemli.net/git/cgit/commit/?h=stable&id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5", + "refsource": "CONFIRM", + "url": "http://hjemli.net/git/cgit/commit/?h=stable&id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5" + }, + { + "name": "openSUSE-SU-2011:0891", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/10998459" + }, + { + "name": "74050", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/74050" + }, + { + "name": "[oss-security] 20110722 CVE Request -- cGit -- XSS flaw in rename hint", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/22/2" + }, + { + "name": "45358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45358" + }, + { + "name": "[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/22/7" + }, + { + "name": "45541", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/45541" + }, + { + "name": "cgit-renamehint-xss(68754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68754" + }, + { + "name": "[cgit] 20110722 [PATCH] Fix potential XSS vulnerability in rename hint", + "refsource": "MLIST", + "url": "http://hjemli.net/pipermail/cgit/2011-July/000276.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2965.json b/2011/2xxx/CVE-2011-2965.json index 9c52bfec583..94f14670f29 100644 --- a/2011/2xxx/CVE-2011-2965.json +++ b/2011/2xxx/CVE-2011-2965.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2965", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-2965", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3055.json b/2011/3xxx/CVE-2011-3055.json index 5fc13dfc373..7f1fd55dd21 100644 --- a/2011/3xxx/CVE-2011-3055.json +++ b/2011/3xxx/CVE-2011-3055.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=117736", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=117736" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" - }, - { - "name" : "GLSA-201203-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml" - }, - { - "name" : "openSUSE-SU-2012:0466", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" - }, - { - "name" : "52674", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52674" - }, - { - "name" : "oval:org.mitre.oval:def:15033", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15033" - }, - { - "name" : "1026841", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026841" - }, - { - "name" : "48512", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48512" - }, - { - "name" : "48527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48527" - }, - { - "name" : "google-nativeui-weak-security(74215)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48527" + }, + { + "name": "oval:org.mitre.oval:def:15033", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15033" + }, + { + "name": "openSUSE-SU-2012:0466", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=117736", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=117736" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" + }, + { + "name": "1026841", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026841" + }, + { + "name": "52674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52674" + }, + { + "name": "google-nativeui-weak-security(74215)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74215" + }, + { + "name": "GLSA-201203-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-19.xml" + }, + { + "name": "48512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48512" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3213.json b/2011/3xxx/CVE-2011-3213.json index c322b1d51ec..bb63f7eead7 100644 --- a/2011/3xxx/CVE-2011-3213.json +++ b/2011/3xxx/CVE-2011-3213.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "50085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The File Systems component in Apple Mac OS X 
before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "50085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50085" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3482.json b/2011/3xxx/CVE-2011-3482.json index b844943de04..93fb73f44ce 100644 --- a/2011/3xxx/CVE-2011-3482.json +++ b/2011/3xxx/CVE-2011-3482.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110913 CVE Request: Multiple issues fixed in wireshark 1.6.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/13/1" - }, - { - "name" : "[oss-security] 20110914 Re: CVE Request: Multiple issues fixed in wireshark 1.6.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/14/5" - }, - { - "name" : "[oss-security] 20110914 Re: CVE Request: Multiple issues fixed in wireshark 1.6.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/14/9" - }, - { - "name" : "[oss-security] 20110914 Re: CVE Request: Multiple issues fixed in 
wireshark 1.6.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/14/10" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=38430", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=38430" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-16.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6139", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6139" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=737783", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=737783" - }, - { - "name" : "MDVSA-2011:138", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:138" - }, - { - "name" : "oval:org.mitre.oval:def:14886", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110914 Re: CVE Request: Multiple issues fixed in wireshark 1.6.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/14/10" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6139", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6139" + }, + { + "name": "[oss-security] 20110914 Re: CVE Request: Multiple issues fixed in wireshark 1.6.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/14/9" + }, + { + "name": "oval:org.mitre.oval:def:14886", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14886" + }, + { + "name": "[oss-security] 20110914 Re: CVE Request: Multiple issues fixed in wireshark 1.6.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/14/5" + }, + { + "name": "MDVSA-2011:138", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:138" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=38430", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=38430" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=737783", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737783" + }, + { + "name": "[oss-security] 20110913 CVE Request: Multiple issues fixed in wireshark 1.6.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/13/1" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-16.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-16.html" + } + ] + } +} \ No newline at end of 
file diff --git a/2011/3xxx/CVE-2011-3661.json b/2011/3xxx/CVE-2011-3661.json index 604d3244f30..d38176c0373 100644 --- a/2011/3xxx/CVE-2011-3661.json +++ b/2011/3xxx/CVE-2011-3661.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-54.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-54.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=691299", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=691299" - }, - { - "name" : "MDVSA-2011:192", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:192" - }, - { - "name" : "openSUSE-SU-2012:0007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html" - }, - { - "name" : "openSUSE-SU-2012:0039", - "refsource" 
: "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html" - }, - { - "name" : "oval:org.mitre.oval:def:14424", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14424" - }, - { - "name" : "1026445", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026445" - }, - { - "name" : "1026446", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026446" - }, - { - "name" : "1026447", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026447" - }, - { - "name" : "47302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47302" - }, - { - "name" : "47334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47334" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - }, - { - "name" : "firefox-yarr-dos(71909)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=691299", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=691299" + }, + { + "name": "MDVSA-2011:192", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:192" + }, + { + "name": "47334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47334" + }, + { + "name": "1026447", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026447" + }, + { + "name": "1026446", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026446" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "1026445", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026445" + }, + { + "name": "firefox-yarr-dos(71909)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71909" + }, + { + "name": "oval:org.mitre.oval:def:14424", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14424" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-54.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-54.html" + }, + { + "name": "47302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47302" + }, + { + "name": "openSUSE-SU-2012:0039", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html" + }, + { + "name": "openSUSE-SU-2012:0007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html" + } + ] + } +} \ No newline at end of file 
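Review bot: The new side of this file ends without a final newline (`\ No newline at end of file` follows the closing `+}`), while the old side ended with one. Keeping the trailing newline avoids spurious last-line diffs on later edits, and the same marker follows the new side of the other files rewritten on this page. The `reference_data` entries are also reordered with nothing added or removed (13 entries on each side), which buries any real reference change in noise. Emitting them in a stable order, for example sorted by `refsource` and then `name`, would keep later diffs of these records reviewable.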
diff --git a/2011/3xxx/CVE-2011-3918.json b/2011/3xxx/CVE-2011-3918.json index f466ec8a39c..8a25621d458 100644 --- a/2011/3xxx/CVE-2011-3918.json +++ b/2011/3xxx/CVE-2011-3918.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf", - "refsource" : "MISC", - "url" : "http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf" - }, - { - "name" : "https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core&r=e7fd911fd42b", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core&r=e7fd911fd42b" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows 
remote attackers to cause a denial of service (reboot loop) via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf", + "refsource": "MISC", + "url": "http://www.ai-lab.it/merlo/publications/DoSAndroid.pdf" + }, + { + "name": "https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core&r=e7fd911fd42b", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/android-source-browsing/source/detail?repo=platform--system--core&r=e7fd911fd42b" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4080.json b/2011/4xxx/CVE-2011-4080.json index 1adfd615db1..95f296b8545 100644 --- a/2011/4xxx/CVE-2011-4080.json +++ b/2011/4xxx/CVE-2011-4080.json 
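Review bot: The `ASSIGNER` value for CVE-2011-3918 changes from `cve@mitre.org` to `security@google.com` inside what is otherwise a colon-spacing and indentation rewrite, so the attribution change is easy to miss in review. The same kind of change is visible in the later hunks for CVE-2011-4080, CVE-2011-4306 and CVE-2013-0329 (`secalert@redhat.com`), CVE-2013-0898 (`security@google.com`), CVE-2013-0992 (`product-security@apple.com`), CVE-2013-1223 (`psirt@cisco.com`) and CVE-2013-1547 (`secalert_us@oracle.com`). Tooling that filters or trusts records by assigning CNA would presumably treat these records differently after the change. Splitting the formatting pass and the `ASSIGNER` update into separate commits would let each be checked on its own.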
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111026 Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/10/26/10" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bfdc0b497faa82a0ba2f9dddcf109231dd519fcc", - "refsource" : "CONFIRM", - 
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bfdc0b497faa82a0ba2f9dddcf109231dd519fcc" - }, - { - "name" : "https://github.com/torvalds/linux/commit/bfdc0b497faa82a0ba2f9dddcf109231dd519fcc", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/bfdc0b497faa82a0ba2f9dddcf109231dd519fcc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/bfdc0b497faa82a0ba2f9dddcf109231dd519fcc", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/bfdc0b497faa82a0ba2f9dddcf109231dd519fcc" + }, + { + "name": "[oss-security] 20111026 Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/10/26/10" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bfdc0b497faa82a0ba2f9dddcf109231dd519fcc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bfdc0b497faa82a0ba2f9dddcf109231dd519fcc" + } + ] + } +} \ 
No newline at end of file diff --git a/2011/4xxx/CVE-2011-4306.json b/2011/4xxx/CVE-2011-4306.json index d991b8dbfd0..227db6d0db6 100644 --- a/2011/4xxx/CVE-2011-4306.json +++ b/2011/4xxx/CVE-2011-4306.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=4a2acd8c7e6c869d5fd5aa686e6e0a3f20c97f15", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=4a2acd8c7e6c869d5fd5aa686e6e0a3f20c97f15" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=188319", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=188319" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=4a2acd8c7e6c869d5fd5aa686e6e0a3f20c97f15", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=4a2acd8c7e6c869d5fd5aa686e6e0a3f20c97f15" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=188319", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=188319" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=747444", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0329.json b/2013/0xxx/CVE-2013-0329.json index 17a3efae7be..ff7223e36e6 100644 --- a/2013/0xxx/CVE-2013-0329.json +++ b/2013/0xxx/CVE-2013-0329.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/21/7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=914877", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=914877" - }, - { - "name" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb", - "refsource" : "CONFIRM", - "url" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16", - "refsource" : "CONFIRM", - "url" : 
"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16" - }, - { - "name" : "RHSA-2013:0638", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0638.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914877", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914877" + }, + { + "name": "RHSA-2013:0638", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html" + }, + { + "name": "[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/21/7" + }, + { + "name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb", + "refsource": "CONFIRM", + "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0514.json b/2013/0xxx/CVE-2013-0514.json index b8171fbab3b..0e1ea579d77 100644 --- a/2013/0xxx/CVE-2013-0514.json +++ b/2013/0xxx/CVE-2013-0514.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0514", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0514", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0898.json b/2013/0xxx/CVE-2013-0898.json index 5827ab0f602..d1577554f43 100644 --- a/2013/0xxx/CVE-2013-0898.json +++ b/2013/0xxx/CVE-2013-0898.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=164643", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=164643" - }, - { - "name" : "openSUSE-SU-2013:0454", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" - }, - { - "name" : "oval:org.mitre.oval:def:16569", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=164643", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=164643" + }, + { + "name": "openSUSE-SU-2013:0454", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" + }, + { + "name": "oval:org.mitre.oval:def:16569", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16569" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0992.json b/2013/0xxx/CVE-2013-0992.json index 0a43f5dbab8..c5ac4802203 100644 --- a/2013/0xxx/CVE-2013-0992.json +++ b/2013/0xxx/CVE-2013-0992.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-0992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5766", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5766" - }, - { - "name" : "http://support.apple.com/kb/HT5785", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5785" - }, - { - "name" : "http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "APPLE-SA-2013-05-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html" - }, - { - "name" : "APPLE-SA-2013-06-04-2", - "refsource" : "APPLE", - "url" 
: "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:17621", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17621" - }, - { - "name" : "54886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5785", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5785" + }, + { + "name": "54886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54886" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "APPLE-SA-2013-06-04-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT5766", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5766" + }, + { + "name": "oval:org.mitre.oval:def:17621", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17621" + }, + { 
+ "name": "APPLE-SA-2013-05-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1223.json b/2013/1xxx/CVE-2013-1223.json index 0b7482bb1fc..d6ccb453456 100644 --- a/2013/1xxx/CVE-2013-1223.json +++ b/2013/1xxx/CVE-2013-1223.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130508 Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130508 Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1547.json b/2013/1xxx/CVE-2013-1547.json index cac50ac4a48..46e9e4d6f3d 100644 --- a/2013/1xxx/CVE-2013-1547.json +++ b/2013/1xxx/CVE-2013-1547.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors 
related to BASE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1688.json b/2013/1xxx/CVE-2013-1688.json index 5b4fd8d2cff..3b5a466c823 100644 --- a/2013/1xxx/CVE-2013-1688.json +++ b/2013/1xxx/CVE-2013-1688.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-52.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-52.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=873966", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=873966" - }, - { - "name" : "openSUSE-SU-2013:1140", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:1142", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" - }, - { - "name" : "USN-1890-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-1890-1" - }, - { - "name" : "oval:org.mitre.oval:def:16427", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1890-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1890-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-52.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-52.html" + }, + { + "name": "oval:org.mitre.oval:def:16427", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16427" + }, + { + "name": "openSUSE-SU-2013:1142", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=873966", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=873966" + }, + { + "name": "openSUSE-SU-2013:1140", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1781.json b/2013/1xxx/CVE-2013-1781.json index 65cc0209b11..c6a2e201ffd 100644 --- a/2013/1xxx/CVE-2013-1781.json +++ b/2013/1xxx/CVE-2013-1781.json 
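Review bot: `reference_data` in the CVE-2013-1688 hunk comes out in a different order on the new side although the same six entries are present, and the new order follows no key visible in the record (UBUNTU, CONFIRM, OVAL, SUSE, CONFIRM, SUSE, where the old side grouped entries by `refsource`). Combined with the re-indentation this buries the one substantive change I can see in the hunk, `"ASSIGNER": "security@mozilla.org"`, and it will cause the same churn on the next regeneration if the serializer's order is not stable. Emitting the array in a fixed order, for example sorted by `refsource` and then `name`, would keep later diffs limited to real changes. The reference lists in the CVE-2013-1781, CVE-2013-4064, CVE-2013-4950, CVE-2013-5117, CVE-2013-5325 and CVE-2013-5634 hunks are shuffled the same way.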
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130227 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/28/3" - }, - { - "name" : "http://drupal.org/node/1929486", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1929486" - }, - { - "name" : "http://drupal.org/node/1730768", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1730768" - }, - { - "name" : "http://drupalcode.org/project/professional_theme.git/commitdiff/0640ddc", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/professional_theme.git/commitdiff/0640ddc" - }, - { - "name" : 
"http://drupalcode.org/project/professional_theme.git/commitdiff/e3fa6a2", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/professional_theme.git/commitdiff/e3fa6a2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupalcode.org/project/professional_theme.git/commitdiff/e3fa6a2", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/professional_theme.git/commitdiff/e3fa6a2" + }, + { + "name": "[oss-security] 20130227 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/28/3" + }, + { + "name": "http://drupal.org/node/1730768", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1730768" + }, + { + "name": "http://drupalcode.org/project/professional_theme.git/commitdiff/0640ddc", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/professional_theme.git/commitdiff/0640ddc" + }, + { + "name": "http://drupal.org/node/1929486", + "refsource": "MISC", + "url": "http://drupal.org/node/1929486" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1791.json b/2013/1xxx/CVE-2013-1791.json index 909516e04fe..aa1cd804f63 100644 --- a/2013/1xxx/CVE-2013-1791.json +++ b/2013/1xxx/CVE-2013-1791.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-1791",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-1791",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/4xxx/CVE-2013-4064.json b/2013/4xxx/CVE-2013-4064.json
index 8ab60bf7e8d..652e4b2dc9b 100644
--- a/2013/4xxx/CVE-2013-4064.json
+++ b/2013/4xxx/CVE-2013-4064.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-4064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21659959", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21659959" - }, - { - "name" : "ibm-inotes-cve20134064-xss(86595)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users 
to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-inotes-cve20134064-xss(86595)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86595" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4950.json b/2013/4xxx/CVE-2013-4950.json index 7c938a02f2d..5a5569060d2 100644 --- a/2013/4xxx/CVE-2013-4950.json +++ b/2013/4xxx/CVE-2013-4950.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "26553", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/26553" - }, - { - "name" : "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html" - }, - { - "name" : "94803", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/94803" - }, - { - "name" : "machform-formmaker-view-xss(85389)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26553", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/26553" + }, + { + "name": "machform-formmaker-view-xss(85389)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85389" + }, + { + "name": "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122255/Machform-Form-Maker-2-XSS-Shell-Upload-SQL-Injection.html" + }, + { + "name": "94803", + "refsource": "OSVDB", + "url": "http://osvdb.org/94803" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5117.json b/2013/5xxx/CVE-2013-5117.json index be894b1b20c..d83edf91eea 100644 --- a/2013/5xxx/CVE-2013-5117.json +++ b/2013/5xxx/CVE-2013-5117.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27602", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/27602" - }, - { - "name" : "20130902 DotNetNuke (DNNArticle Module) SQL Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Sep/9" - }, - { - "name" : "http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx" - }, - { - "name" : "61788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61788" - }, - { - "name" : "96306", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96306" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27602", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/27602" + }, + { + "name": "96306", + "refsource": "OSVDB", + "url": "http://osvdb.org/96306" + }, + { + "name": "20130902 DotNetNuke (DNNArticle Module) SQL Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Sep/9" + }, + { + "name": "http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx", + "refsource": "CONFIRM", + "url": "http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx" + }, + { + "name": "61788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61788" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5325.json b/2013/5xxx/CVE-2013-5325.json index 7f73092c09c..1f8ace4ecbf 100644 --- a/2013/5xxx/CVE-2013-5325.json +++ b/2013/5xxx/CVE-2013-5325.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-5325",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2013-5325",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.adobe.com/support/security/bulletins/apsb13-25.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.adobe.com/support/security/bulletins/apsb13-25.html"
- },
- {
- "name" : "oval:org.mitre.oval:def:19053",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19053"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oval:org.mitre.oval:def:19053",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19053"
+ },
+ {
+ "name": "http://www.adobe.com/support/security/bulletins/apsb13-25.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.adobe.com/support/security/bulletins/apsb13-25.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/5xxx/CVE-2013-5634.json b/2013/5xxx/CVE-2013-5634.json
index 81693c87d51..5fb1d10a591 100644
--- a/2013/5xxx/CVE-2013-5634.json
+++ b/2013/5xxx/CVE-2013-5634.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-5634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130826 Re: CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/08/26/4" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e8180dcaa8470ceca21109f143876fdcd9fe050a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e8180dcaa8470ceca21109f143876fdcd9fe050a" - }, - { - "name" : "https://github.com/torvalds/linux/commit/e8180dcaa8470ceca21109f143876fdcd9fe050a", - "refsource" : "CONFIRM", - 
"url" : "https://github.com/torvalds/linux/commit/e8180dcaa8470ceca21109f143876fdcd9fe050a" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2" - }, - { - "name" : "61995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61995" + }, + { + "name": "https://github.com/torvalds/linux/commit/e8180dcaa8470ceca21109f143876fdcd9fe050a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/e8180dcaa8470ceca21109f143876fdcd9fe050a" + }, + { + "name": "[oss-security] 20130826 Re: CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/08/26/4" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e8180dcaa8470ceca21109f143876fdcd9fe050a", + "refsource": "CONFIRM", + "url": 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e8180dcaa8470ceca21109f143876fdcd9fe050a" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5816.json b/2013/5xxx/CVE-2013-5816.json index 6870e887e13..55ee4afa386 100644 --- a/2013/5xxx/CVE-2013-5816.json +++ b/2013/5xxx/CVE-2013-5816.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-5816",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Metro."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2013-5816",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Metro."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/5xxx/CVE-2013-5899.json b/2013/5xxx/CVE-2013-5899.json
index 36ec54af022..f7f038002ed 100644
--- a/2013/5xxx/CVE-2013-5899.json
+++ b/2013/5xxx/CVE-2013-5899.json
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" - }, - { - "name" : "HPSBUX02972", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "HPSBUX02973", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "SSRT101454", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "SSRT101455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "RHSA-2014:0030", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" - }, - { - "name" : "RHSA-2014:0134", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" - }, - { - "name" : "RHSA-2014:0135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2014:0246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" - }, - { - "name" : "SUSE-SU-2014:0266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" - }, - { - "name" : "SUSE-SU-2014:0451", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64928" - }, - { - "name" : "102014", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102014" - }, - { - "name" : "1029608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029608" - }, - { - "name" : "56485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56485" - }, - { - "name" : "56535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56535" - }, - { - "name" : "oracle-cpujan2014-cve20135899(90346)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-cpujan2014-cve20135899(90346)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90346" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "102014", + "refsource": "OSVDB", + "url": "http://osvdb.org/102014" + }, + { + "name": "SSRT101455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "RHSA-2014:0135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html" + }, + { + "name": "56535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56535" + }, + { + "name": "RHSA-2014:0030", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html" + }, + { + "name": "56485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56485" + }, + { + "name": "SSRT101454", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" + }, + { + "name": "64928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64928" + }, + { + "name": "HPSBUX02972", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "SUSE-SU-2014:0451", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" + }, + { + "name": "HPSBUX02973", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "1029608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029608" + }, + { + "name": "SUSE-SU-2014:0266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "SUSE-SU-2014:0246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "RHSA-2014:0134", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2910.json b/2014/2xxx/CVE-2014-2910.json index cf405ec287c..bf12b5a8c9b 100644 --- a/2014/2xxx/CVE-2014-2910.json +++ b/2014/2xxx/CVE-2014-2910.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-2910",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-2910",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/12xxx/CVE-2017-12179.json b/2017/12xxx/CVE-2017-12179.json
index f30ce0b71f5..b4490354b3a 100644
--- a/2017/12xxx/CVE-2017-12179.json
+++ b/2017/12xxx/CVE-2017-12179.json
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-12179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "xorg-x11-server", - "version" : { - "version_data" : [ - { - "version_value" : "before 1.19.5" - } - ] - } - } - ] - }, - "vendor_name" : "The X.Org Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-391" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-12179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "xorg-x11-server", + "version": { + "version_data": [ + { + "version_value": "before 1.19.5" + } + ] + } + } + ] + }, + "vendor_name": "The X.Org Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509220", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509220" - }, - { - "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=d088e3c1286b548a58e62afdc70bb40981cdb9e8", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=d088e3c1286b548a58e62afdc70bb40981cdb9e8" - }, - { - "name" : "DSA-4000", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4000" - }, - { - "name" : "GLSA-201711-05", - 
"refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-05" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-391" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=d088e3c1286b548a58e62afdc70bb40981cdb9e8", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=d088e3c1286b548a58e62afdc70bb40981cdb9e8" + }, + { + "name": "DSA-4000", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4000" + }, + { + "name": "GLSA-201711-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-05" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1509220", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509220" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12299.json b/2017/12xxx/CVE-2017-12299.json index 4cae81cbec2..48ebe1f6d42 100644 --- a/2017/12xxx/CVE-2017-12299.json +++ b/2017/12xxx/CVE-2017-12299.json 
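Review bot: The `problemtype` value kept on the new side, `"value": "CWE-391"`, does not match the description, which reports an integer overflow in the (S)ProcXIBarrierReleasePointer functions. CWE-391 is Unchecked Error Condition, while integer overflow is normally classified as CWE-190, so consumers that triage or filter by CWE will file this record under the wrong weakness class. If the assigner confirms, the line should read `"value": "CWE-190"`. The commit only reformats this field and reorders `reference_data`, so the mismatch predates it but remains unaddressed.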
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco ASA Next-Generation Firewall Services", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco ASA Next-Generation Firewall Services" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. The vulnerability is due to an implementation error that exists in the process of creating default IP blocks when the device is initialized, and the way in which those IP blocks interact with user-configured filters for local IP management traffic (for example, SSH to the device). An attacker could exploit this vulnerability by sending traffic to the local IP address of the targeted device. A successful exploit could allow the attacker to connect to the local IP address of the device even when there are filters configured to deny the traffic. Cisco Bug IDs: CSCvd97962." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco ASA Next-Generation Firewall Services", + "version": { + "version_data": [ + { + "version_value": "Cisco ASA Next-Generation Firewall Services" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1" - }, - { - "name" : "101915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. The vulnerability is due to an implementation error that exists in the process of creating default IP blocks when the device is initialized, and the way in which those IP blocks interact with user-configured filters for local IP management traffic (for example, SSH to the device). An attacker could exploit this vulnerability by sending traffic to the local IP address of the targeted device. 
A successful exploit could allow the attacker to connect to the local IP address of the device even when there are filters configured to deny the traffic. Cisco Bug IDs: CSCvd97962." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1" + }, + { + "name": "101915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101915" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12402.json b/2017/12xxx/CVE-2017-12402.json index 67f3aa9cb3c..8c49cf054e8 100644 --- a/2017/12xxx/CVE-2017-12402.json +++ b/2017/12xxx/CVE-2017-12402.json 
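Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"` and a `version_value` that only repeats the product name, although the description names Cisco ASA Next-Generation Firewall Services. Asset-matching tools that key on the structured vendor and version fields cannot match this record and have to fall back to parsing the free-text description. I would set `"vendor_name": "Cisco"` and replace `version_value` with the affected releases from the referenced cisco-sa-20171115-firepower1 advisory; those releases are not stated in this record, so they need to come from the assigner.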
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-12402",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-12402",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/12xxx/CVE-2017-12797.json b/2017/12xxx/CVE-2017-12797.json
index 2a737fd1787..c89e69a2e3e 100644
--- a/2017/12xxx/CVE-2017-12797.json
+++ b/2017/12xxx/CVE-2017-12797.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/mpg123/bugs/254/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/mpg123/bugs/254/" - }, - { - "name" : "https://sourceforge.net/p/mpg123/mailman/message/35987663/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/mpg123/mailman/message/35987663/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a 
heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/mpg123/mailman/message/35987663/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/mpg123/mailman/message/35987663/" + }, + { + "name": "https://sourceforge.net/p/mpg123/bugs/254/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/mpg123/bugs/254/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16404.json b/2017/16xxx/CVE-2017-16404.json index c4c72a1afe2..ef9722e1091 100644 --- a/2017/16xxx/CVE-2017-16404.json +++ b/2017/16xxx/CVE-2017-16404.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "102140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102140" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. 
An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "102140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102140" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16772.json b/2017/16xxx/CVE-2017-16772.json index fa754633088..df97b27d624 100644 --- a/2017/16xxx/CVE-2017-16772.json +++ b/2017/16xxx/CVE-2017-16772.json 
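Review bot: The `problemtype` value `"value": "Out-of-bounds Read"` contradicts the description in the same record, which says the computation "writes data past the end of the intended buffer" and can lead to data corruption or code execution. One of the two is wrong, and the difference matters for prioritisation: a read is usually triaged as information disclosure, a write as memory corruption. The referenced APSB17-36 bulletin is the place to check; if the description is correct, the line should read `"value": "Out-of-bounds Write"`. The commit leaves this field's content untouched.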
@@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2018-03-22T00:00:00", - "ID" : "CVE-2017-16772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Photo Station", - "version" : { - "version_data" : [ - { - "version_value" : "before 6.8.3-3463" - }, - { - "version_value" : "before 6.3-2971" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unrestricted Upload of File with Dangerous Type (CWE-434)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2018-03-22T00:00:00", + "ID": "CVE-2017-16772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Photo Station", + "version": { + "version_data": [ + { + "version_value": "before 6.8.3-3463" + }, + { + "version_value": "before 6.3-2971" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_18_02", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_18_02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation vulnerability in 
SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unrestricted Upload of File with Dangerous Type (CWE-434)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_18_02", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_18_02" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16984.json b/2017/16xxx/CVE-2017-16984.json index 1d4d3ff0b11..4cd0350c93c 100644 --- a/2017/16xxx/CVE-2017-16984.json +++ b/2017/16xxx/CVE-2017-16984.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16984", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16984", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/4xxx/CVE-2017-4201.json b/2017/4xxx/CVE-2017-4201.json
index 5c497794855..2822462699f 100644
--- a/2017/4xxx/CVE-2017-4201.json
+++ b/2017/4xxx/CVE-2017-4201.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4201",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4201",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4366.json b/2017/4xxx/CVE-2017-4366.json
index 5199c245ffa..7a464ae9193 100644
--- a/2017/4xxx/CVE-2017-4366.json
+++ b/2017/4xxx/CVE-2017-4366.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4366",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4366",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4401.json b/2017/4xxx/CVE-2017-4401.json
index 97147fcdcf5..35fb790589e 100644
--- a/2017/4xxx/CVE-2017-4401.json
+++ b/2017/4xxx/CVE-2017-4401.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4401",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4401",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4454.json b/2017/4xxx/CVE-2017-4454.json
index 215b42cbad9..2f34f3f14d0 100644
--- a/2017/4xxx/CVE-2017-4454.json
+++ b/2017/4xxx/CVE-2017-4454.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4454",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4454",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4633.json b/2017/4xxx/CVE-2017-4633.json
index fd258b64de6..065d3850005 100644
--- a/2017/4xxx/CVE-2017-4633.json
+++ b/2017/4xxx/CVE-2017-4633.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4633",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4633",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18296.json b/2018/18xxx/CVE-2018-18296.json
index c5f1674eee4..1327552f8d8 100644
--- a/2018/18xxx/CVE-2018-18296.json
+++ b/2018/18xxx/CVE-2018-18296.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18296",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18296",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.iwantacve.cn/index.php/archives/52/",
- "refsource" : "MISC",
- "url" : "http://www.iwantacve.cn/index.php/archives/52/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.iwantacve.cn/index.php/archives/52/",
+ "refsource": "MISC",
+ "url": "http://www.iwantacve.cn/index.php/archives/52/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18798.json b/2018/18xxx/CVE-2018-18798.json
index 4e344fc6574..baaf98a6358 100644
--- a/2018/18xxx/CVE-2018-18798.json
+++ b/2018/18xxx/CVE-2018-18798.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18798",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18798",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5511.json b/2018/5xxx/CVE-2018-5511.json
index 06bc080af65..113f9cd3eca 100644
--- a/2018/5xxx/CVE-2018-5511.json
+++ b/2018/5xxx/CVE-2018-5511.json
@@ -1,66 +1,66 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "f5sirt@f5.com",
- "DATE_PUBLIC" : "2018-04-12T00:00:00",
- "ID" : "CVE-2018-5511",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
- "version" : {
- "version_data" : [
- {
- "version_value" : "13.1.0-13.1.0.3"
- },
- {
- "version_value" : "13.0.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "F5 Networks, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Privilege escalation"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "f5sirt@f5.com",
+ "DATE_PUBLIC": "2018-04-12T00:00:00",
+ "ID": "CVE-2018-5511",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "13.1.0-13.1.0.3"
+ },
+ {
+ "version_value": "13.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "F5 Networks, Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.f5.com/csp/article/K30500703",
- "refsource" : "CONFIRM",
- "url" : "https://support.f5.com/csp/article/K30500703"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.f5.com/csp/article/K30500703",
+ "refsource": "CONFIRM",
+ "url": "https://support.f5.com/csp/article/K30500703"
+ }
+ ]
+ }
+}
\ No newline at end of file