From 47ed5e35955fccfa09cacf445543f86e26216299 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:46:20 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0205.json | 140 ++++---- 2001/0xxx/CVE-2001-0267.json | 140 ++++---- 2001/0xxx/CVE-2001-0535.json | 130 ++++---- 2001/0xxx/CVE-2001-0806.json | 170 +++++----- 2001/0xxx/CVE-2001-0825.json | 160 ++++----- 2001/1xxx/CVE-2001-1040.json | 130 ++++---- 2006/2xxx/CVE-2006-2077.json | 170 +++++----- 2006/2xxx/CVE-2006-2230.json | 150 ++++----- 2006/2xxx/CVE-2006-2550.json | 190 +++++------ 2006/2xxx/CVE-2006-2682.json | 150 ++++----- 2006/2xxx/CVE-2006-2785.json | 510 ++++++++++++++--------------- 2006/6xxx/CVE-2006-6098.json | 34 +- 2006/6xxx/CVE-2006-6303.json | 350 ++++++++++---------- 2006/6xxx/CVE-2006-6390.json | 160 ++++----- 2011/2xxx/CVE-2011-2147.json | 150 ++++----- 2011/2xxx/CVE-2011-2453.json | 200 +++++------ 2011/2xxx/CVE-2011-2732.json | 130 ++++---- 2011/3xxx/CVE-2011-3442.json | 140 ++++---- 2011/3xxx/CVE-2011-3464.json | 150 ++++----- 2011/3xxx/CVE-2011-3564.json | 120 +++---- 2011/4xxx/CVE-2011-4322.json | 34 +- 2011/4xxx/CVE-2011-4615.json | 190 +++++------ 2013/0xxx/CVE-2013-0605.json | 190 +++++------ 2013/0xxx/CVE-2013-0734.json | 170 +++++----- 2013/1xxx/CVE-2013-1002.json | 190 +++++------ 2013/1xxx/CVE-2013-1724.json | 240 +++++++------- 2013/1xxx/CVE-2013-1783.json | 190 +++++------ 2013/1xxx/CVE-2013-1784.json | 160 ++++----- 2013/1xxx/CVE-2013-1986.json | 170 +++++----- 2013/5xxx/CVE-2013-5010.json | 140 ++++---- 2013/5xxx/CVE-2013-5747.json | 34 +- 2014/2xxx/CVE-2014-2073.json | 120 +++---- 2017/0xxx/CVE-2017-0632.json | 130 ++++---- 2017/1000xxx/CVE-2017-1000158.json | 194 +++++------ 2017/12xxx/CVE-2017-12039.json | 34 +- 2017/12xxx/CVE-2017-12654.json | 130 ++++---- 2017/16xxx/CVE-2017-16293.json | 34 +- 2017/16xxx/CVE-2017-16547.json | 160 ++++----- 2017/16xxx/CVE-2017-16977.json | 34 +- 2017/1xxx/CVE-2017-1016.json | 34 +- 2017/4xxx/CVE-2017-4021.json | 34 +- 2017/4xxx/CVE-2017-4111.json | 34 +- 2017/4xxx/CVE-2017-4457.json | 34 +- 2017/4xxx/CVE-2017-4480.json | 34 +- 2018/5xxx/CVE-2018-5128.json | 162 ++++----- 2018/5xxx/CVE-2018-5888.json | 132 ++++---- 46 files changed, 3241 insertions(+), 3241 deletions(-) diff --git a/2001/0xxx/CVE-2001-0205.json b/2001/0xxx/CVE-2001-0205.json index 1ffd6781f18..0a852c45199 100644 --- a/2001/0xxx/CVE-2001-0205.json +++ b/2001/0xxx/CVE-2001-0205.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting \"...\" into the requested pathname, a modified .. (dot dot) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010206 Vulnerability in AOLserver", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98148759123258&w=2" - }, - { - "name" : "20010208 Vulnerability in AOLserver", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98168216003867&w=2" - }, - { - "name" : "2343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting \"...\" into the requested pathname, a modified .. (dot dot) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010206 Vulnerability in AOLserver", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98148759123258&w=2" + }, + { + "name": "20010208 Vulnerability in AOLserver", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98168216003867&w=2" + }, + { + "name": "2343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2343" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0267.json b/2001/0xxx/CVE-2001-0267.json index 72a4fea1843..df724ad106d 100644 --- a/2001/0xxx/CVE-2001-0267.json +++ b/2001/0xxx/CVE-2001-0267.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMP0102-008", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q1/0050.html" - }, - { - "name" : "hp-nmdebug-gain-privileges(6226)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6226" - }, - { - "name" : "6032", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMP0102-008", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q1/0050.html" + }, + { + "name": "6032", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6032" + }, + { + "name": "hp-nmdebug-gain-privileges(6226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6226" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0535.json b/2001/0xxx/CVE-2001-0535.json index 31b784864f9..f31db3994c6 100644 --- a/2001/0xxx/CVE-2001-0535.json +++ b/2001/0xxx/CVE-2001-0535.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the \"HTTP Host\" (CGI.Host) variable in (1) the \"Web Publish\" example script, and (2) the \"Email\" example script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010807 Remote Vulnerabilities in Macromedia ColdFusion Example Applications", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise92.php" - }, - { - "name" : "MPSB01-08", - "refsource" : "ALLAIRE", - "url" : "http://www.allaire.com/Handlers/index.cfm?ID=21700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the \"HTTP Host\" (CGI.Host) variable in (1) the \"Web Publish\" example script, and (2) the \"Email\" example script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MPSB01-08", + "refsource": "ALLAIRE", + "url": "http://www.allaire.com/Handlers/index.cfm?ID=21700" + }, + { + "name": "20010807 Remote Vulnerabilities in Macromedia ColdFusion Example Applications", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise92.php" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0806.json b/2001/0xxx/CVE-2001-0806.json index db5d2df1a18..99cfea14902 100644 --- a/2001/0xxx/CVE-2001-0806.json +++ b/2001/0xxx/CVE-2001-0806.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010626 MacOSX 10.0.X Permissions uncorrectly set", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99358249631139&w=2" - }, - { - "name" : "20011007 OS X 10.1 and localized desktop folder still vulnerable", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/219166" - }, - { - "name" : "20010704 Re: MacOSX 10.0.X Permissions uncorrectly set - I got it", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99436289015729&w=2" - }, - { - "name" : "2930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2930" - }, - { - "name" : "macos-desktop-insecure-permissions(6750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6750" - }, - { - "name" : "1882", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1882", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1882" + }, + { + "name": "20010626 MacOSX 10.0.X Permissions uncorrectly set", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99358249631139&w=2" + }, + { + "name": "macos-desktop-insecure-permissions(6750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6750" + }, + { + "name": "20010704 Re: MacOSX 10.0.X Permissions uncorrectly set - I got it", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99436289015729&w=2" + }, + { + "name": "20011007 OS X 10.1 and localized desktop folder still vulnerable", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/219166" + }, + { + "name": "2930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2930" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0825.json b/2001/0xxx/CVE-2001-0825.json index a18b58f5a3a..a86b882344b 100644 --- a/2001/0xxx/CVE-2001-0825.json +++ b/2001/0xxx/CVE-2001-0825.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2001:406", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406" - }, - { - "name" : "RHSA-2001:092", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-092.html" - }, - { - "name" : "IMNX-2001-70-029-01", - "refsource" : "IMMUNIX", - "url" : "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01" - }, - { - "name" : "2971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2971" - }, - { - "name" : "xinetd-zero-length-bo(6804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2971" + }, + { + "name": "xinetd-zero-length-bo(6804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6804" + }, + { + "name": "CLA-2001:406", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406" + }, + { + "name": "RHSA-2001:092", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-092.html" + }, + { + "name": "IMNX-2001-70-029-01", + "refsource": "IMMUNIX", + "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1040.json b/2001/1xxx/CVE-2001-1040.json index 43e67bf2cc0..b3d183a824a 100644 --- a/2001/1xxx/CVE-2001-1040.json +++ b/2001/1xxx/CVE-2001-1040.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010802 Re: HP Jetdirect passwords don't sync", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/201224" - }, - { - "name" : "3132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3132" + }, + { + "name": "20010802 Re: HP Jetdirect passwords don't sync", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/201224" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2077.json b/2006/2xxx/CVE-2006-2077.json index c24c249f311..1fbf2d3a052 100644 --- a/2006/2xxx/CVE-2006-2077.json +++ b/2006/2xxx/CVE-2006-2077.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact and attack vectors. NOTE: this issue might be related to the OUSPG PROTOS DNS test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phys.uu.nl/~rombouts/pdnsd.html", - "refsource" : "CONFIRM", - "url" : "http://www.phys.uu.nl/~rombouts/pdnsd.html" - }, - { - "name" : "GLSA-200605-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-10.xml" - }, - { - "name" : "VU#955777", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/955777" - }, - { - "name" : "17720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17720" - }, - { - "name" : "20055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20055" - }, - { - "name" : "dns-improper-request-handling(26081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact and attack vectors. NOTE: this issue might be related to the OUSPG PROTOS DNS test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phys.uu.nl/~rombouts/pdnsd.html", + "refsource": "CONFIRM", + "url": "http://www.phys.uu.nl/~rombouts/pdnsd.html" + }, + { + "name": "dns-improper-request-handling(26081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081" + }, + { + "name": "VU#955777", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/955777" + }, + { + "name": "17720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17720" + }, + { + "name": "20055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20055" + }, + { + "name": "GLSA-200605-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-10.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2230.json b/2006/2xxx/CVE-2006-2230.json index 8a3b115f0b9..bb62a541590 100644 --- a/2006/2xxx/CVE-2006-2230.json +++ b/2006/2xxx/CVE-2006-2230.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060429 XINE format string bugs when handling non existen file", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432598/100/0/threaded" - }, - { - "name" : "DSA-1093", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1093" - }, - { - "name" : "17769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17769" - }, - { - "name" : "xine-mainc-format-string(26216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060429 XINE format string bugs when handling non existen file", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432598/100/0/threaded" + }, + { + "name": "17769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17769" + }, + { + "name": "xine-mainc-format-string(26216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216" + }, + { + "name": "DSA-1093", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1093" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2550.json b/2006/2xxx/CVE-2006-2550.json index 18f705afa97..571ca68e9af 100644 --- a/2006/2xxx/CVE-2006-2550.json +++ b/2006/2xxx/CVE-2006-2550.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060522 Perlpodder Remote Arbitrary Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434711/100/0/threaded" - }, - { - "name" : "20060522 Perlpodder Remote Arbitrary Command Execution", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0570.html" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.php", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.php" - }, - { - "name" : "18067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18067" - }, - { - "name" : "ADV-2006-1906", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1906" - }, - { - "name" : "25708", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25708" - }, - { - "name" : "20238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20238" - }, - { - "name" : "perlpodder-dlset-command-execution(26575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "perlpodder-dlset-command-execution(26575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26575" + }, + { + "name": "20060522 Perlpodder Remote Arbitrary Command Execution", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0570.html" + }, + { + "name": "20060522 Perlpodder Remote Arbitrary Command Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434711/100/0/threaded" + }, + { + "name": "ADV-2006-1906", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1906" + }, + { + "name": "20238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20238" + }, + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.php", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-003.php" + }, + { + "name": "18067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18067" + }, + { + "name": "25708", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25708" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2682.json b/2006/2xxx/CVE-2006-2682.json index e6ef2c2df80..87fe00f2902 100644 --- a/2006/2xxx/CVE-2006-2682.json +++ b/2006/2xxx/CVE-2006-2682.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1825", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1825" - }, - { - "name" : "ADV-2006-1979", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1979" - }, - { - "name" : "20292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20292" - }, - { - "name" : "backendcms-beconfig-file-inclusion(26699)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1825", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1825" + }, + { + "name": "20292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20292" + }, + { + "name": "ADV-2006-1979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1979" + }, + { + "name": "backendcms-beconfig-file-inclusion(26699)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26699" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2785.json b/2006/2xxx/CVE-2006-2785.json index 3cdd33f13f7..77102ed0599 100644 --- a/2006/2xxx/CVE-2006-2785.json +++ b/2006/2xxx/CVE-2006-2785.json @@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a \"View Image\" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting \"Show only this frame\" on a frame whose SRC attribute contains a Javascript URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060602 rPSA-2006-0091-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435795/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-34.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-34.html" - }, - { - "name" : "DSA-1118", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1118" - }, - { - "name" : "DSA-1120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1120" - }, - { - "name" : "DSA-1134", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1134" - }, - { - "name" : "GLSA-200606-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "RHSA-2006:0578", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0578.html" - }, - { - "name" : "RHSA-2006:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" - }, - { - "name" : "RHSA-2006:0611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" - }, - { - "name" : "RHSA-2006:0609", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" - }, - { - "name" : "RHSA-2006:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html" - }, - { - "name" : "SUSE-SA:2006:035", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" - }, - { - "name" : "USN-296-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/296-1/" - }, - { - "name" : "USN-296-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/296-2/" - }, - { - "name" : "USN-323-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/323-1/" - }, - { - "name" : "18228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18228" - }, - { - "name" : "oval:org.mitre.oval:def:10545", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10545" - }, - { - "name" : "ADV-2006-2106", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2106" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016202", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016202" - }, - { - "name" : "20376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20376" - }, - { - "name" : "20561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20561" - }, - { - "name" : "21134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21134" - }, - { - "name" : "21183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21183" - }, - { - "name" : "21176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21176" - }, - { - "name" : "21178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21178" - }, - { - "name" : "21188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21188" - }, - { - "name" : "21269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21269" - }, - { - "name" : "21270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21270" - }, - { - "name" : "21336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21336" - }, - { - "name" : "21324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21324" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21631" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-viewimage-xss(26845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a \"View Image\" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting \"Show only this frame\" on a frame whose SRC attribute contains a Javascript URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21176" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "USN-296-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/296-1/" + }, + { + "name": "USN-323-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/323-1/" + }, + { + "name": "20561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20561" + }, + { + "name": "RHSA-2006:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html" + }, + { + "name": "21336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21336" + }, + { + "name": "20060602 rPSA-2006-0091-1 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded" + }, + { + "name": "RHSA-2006:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html" + }, + { + "name": "20376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20376" + }, + { + "name": "RHSA-2006:0609", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html" + }, + { + "name": "mozilla-viewimage-xss(26845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26845" + }, + { + "name": "21178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21178" + }, + { + "name": "1016202", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016202" + }, + { + "name": "18228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18228" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "21270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21270" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-34.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-34.html" + }, + { + "name": "21188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21188" + }, + { + "name": "21134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21134" + }, + { + "name": "21631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21631" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "oval:org.mitre.oval:def:10545", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10545" + }, + { + "name": "USN-296-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/296-2/" + }, + { + "name": "DSA-1118", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1118" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "DSA-1120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1120" + }, + { + "name": "RHSA-2006:0611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html" + }, + { + "name": "DSA-1134", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1134" + }, + { + "name": "GLSA-200606-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml" + }, + { + "name": "21324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21324" + }, + { + "name": "21183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21183" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "21269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21269" + }, + { + "name": "SUSE-SA:2006:035", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" + }, + { + "name": "RHSA-2006:0578", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html" + }, + { + "name": "ADV-2006-2106", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2106" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6098.json b/2006/6xxx/CVE-2006-6098.json index 2cbab8b93c2..3607ed8e301 100644 --- a/2006/6xxx/CVE-2006-6098.json +++ b/2006/6xxx/CVE-2006-6098.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6098", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-6098", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6303.json b/2006/6xxx/CVE-2006-6303.json index 99dd252f354..eac99515cde 100644 --- a/2006/6xxx/CVE-2006-6303.json +++ b/2006/6xxx/CVE-2006-6303.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/", - "refsource" : "CONFIRM", - "url" : "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=157048", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=157048" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287", - "refsource" : "MISC", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287" - }, - { - "name" : "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h&only_with_tag=MAIN&r1=text&tr1=1.92&r2=text&tr2=1.91", - "refsource" : "MISC", - "url" : "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h&only_with_tag=MAIN&r1=text&tr1=1.92&r2=text&tr2=1.91" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305530", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305530" - }, - { - "name" : "APPLE-SA-2007-05-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html" - }, - { - "name" : "GLSA-200612-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-21.xml" - }, - { - "name" : "MDKSA-2006:225", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:225" - }, - { - "name" : "RHSA-2007:0961", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0961.html" - }, - { - "name" : "SUSE-SR:2007:004", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_4_sr.html" - }, - { - "name" : "USN-394-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-394-1" - }, - { - "name" : "JVN#84798830", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2384798830/index.html" - }, - { - "name" : "21441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21441" - }, - { - "name" : "oval:org.mitre.oval:def:10529", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10529" - }, - { - "name" : "ADV-2006-4855", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4855" - }, - { - "name" : "ADV-2007-1939", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1939" - }, - { - "name" : "1017363", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017363" - }, - { - "name" : "23268", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23268" - }, - { - "name" : "23165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23165" - }, - { - "name" : "23454", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23454" - }, - { - "name" : "25402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25402" - }, - { - "name" : "27576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27576" - }, - { - "name" : "31090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31090" - }, - { - "name" : "ruby-cgi-library-dos(30734)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.info.apple.com/article.html?artnum=305530", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305530" + }, + { + "name": "USN-394-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-394-1" + }, + { + "name": "31090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31090" + }, + { + "name": "27576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27576" + }, + { + "name": "ADV-2007-1939", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1939" + }, + { + "name": "JVN#84798830", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2384798830/index.html" + }, + { + "name": "23268", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23268" + }, + { + "name": "APPLE-SA-2007-05-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287", + "refsource": "MISC", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287" + }, + { + "name": "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/", + "refsource": "CONFIRM", + "url": "http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/" + }, + { + "name": "25402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25402" + }, + { + "name": "23165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23165" + }, + { + "name": "RHSA-2007:0961", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0961.html" + }, + { + "name": "oval:org.mitre.oval:def:10529", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10529" + }, + { + "name": "ruby-cgi-library-dos(30734)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30734" + }, + { + "name": "1017363", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017363" + }, + { + "name": "SUSE-SR:2007:004", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=157048", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=157048" + }, + { + "name": "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h&only_with_tag=MAIN&r1=text&tr1=1.92&r2=text&tr2=1.91", + "refsource": "MISC", + "url": "http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h&only_with_tag=MAIN&r1=text&tr1=1.92&r2=text&tr2=1.91" + }, + { + "name": "ADV-2006-4855", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4855" + }, + { + "name": "MDKSA-2006:225", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:225" + }, + { + "name": "GLSA-200612-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-21.xml" + }, + { + "name": "23454", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23454" + }, + { + "name": "21441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21441" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6390.json b/2006/6xxx/CVE-2006-6390.json index e55fb113e27..941992f7976 100644 --- a/2006/6xxx/CVE-2006-6390.json +++ b/2006/6xxx/CVE-2006-6390.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2889", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2889" - }, - { - "name" : "21411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21411" - }, - { - "name" : "ADV-2006-4835", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4835" - }, - { - "name" : "23168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23168" - }, - { - "name" : "quickcart-configdbtype-file-include(30698)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4835", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4835" + }, + { + "name": "2889", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2889" + }, + { + "name": "21411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21411" + }, + { + "name": "23168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23168" + }, + { + "name": "quickcart-configdbtype-file-include(30698)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30698" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2147.json b/2011/2xxx/CVE-2011-2147.json index 87a8c1c00a1..4fa91b916d1 100644 --- a/2011/2xxx/CVE-2011-2147.json +++ b/2011/2xxx/CVE-2011-2147.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-security] 20110510 Re: World writable pid and lock files.", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-security/2011/05/msg00013.html" - }, - { - "name" : "[debian-security] 20110510 Re: World writable pid and lock files.", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-security/2011/05/msg00018.html" - }, - { - "name" : "[debian-security] 20110510 World writable pid and lock files.", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-security/2011/05/msg00012.html" - }, - { - "name" : "openswan-pid-dos(67822)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-security] 20110510 World writable pid and lock files.", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-security/2011/05/msg00012.html" + }, + { + "name": "[debian-security] 20110510 Re: World writable pid and lock files.", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-security/2011/05/msg00018.html" + }, + { + "name": "openswan-pid-dos(67822)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67822" + }, + { + "name": "[debian-security] 20110510 Re: World writable pid and lock files.", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-security/2011/05/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2453.json b/2011/2xxx/CVE-2011-2453.json index 048c4f63f6b..7b762d3abb5 100644 --- a/2011/2xxx/CVE-2011-2453.json +++ b/2011/2xxx/CVE-2011-2453.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html" - }, - { - "name" : "GLSA-201204-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-07.xml" - }, - { - "name" : "RHSA-2011:1445", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1445.html" - }, - { - "name" : "SUSE-SA:2011:043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html" - }, - { - "name" : "SUSE-SU-2011:1244", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html" - }, - { - "name" : "openSUSE-SU-2011:1240", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html" - }, - { - "name" : "oval:org.mitre.oval:def:14231", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14231" - }, - { - "name" : "oval:org.mitre.oval:def:15862", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15862" - }, - { - "name" : "48819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15862", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15862" + }, + { + "name": "openSUSE-SU-2011:1240", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html" + }, + { + "name": "SUSE-SA:2011:043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html" + }, + { + "name": "SUSE-SU-2011:1244", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html" + }, + { + "name": "GLSA-201204-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-07.xml" + }, + { + "name": "RHSA-2011:1445", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1445.html" + }, + { + "name": "48819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48819" + }, + { + "name": "oval:org.mitre.oval:def:14231", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14231" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-28.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2732.json b/2011/2xxx/CVE-2011-2732.json index 51a48a07652..b1bfc06e36c 100644 --- a/2011/2xxx/CVE-2011-2732.json +++ b/2011/2xxx/CVE-2011-2732.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814" - }, - { - "name" : "http://support.springsource.com/security/cve-2011-2732", - "refsource" : "CONFIRM", - "url" : "http://support.springsource.com/security/cve-2011-2732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814" + }, + { + "name": "http://support.springsource.com/security/cve-2011-2732", + "refsource": "CONFIRM", + "url": "http://support.springsource.com/security/cve-2011-2732" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3442.json b/2011/3xxx/CVE-2011-3442.json index 2fe9dab620c..3dd8361573d 100644 --- a/2011/3xxx/CVE-2011-3442.json +++ b/2011/3xxx/CVE-2011-3442.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5052", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5052" - }, - { - "name" : "APPLE-SA-2011-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html" - }, - { - "name" : "1026287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026287" + }, + { + "name": "APPLE-SA-2011-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT5052", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5052" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3464.json b/2011/3xxx/CVE-2011-3464.json index c7a2a5c3644..7f3fbea198a 100644 --- a/2011/3xxx/CVE-2011-3464.json +++ b/2011/3xxx/CVE-2011-3464.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.libpng.org/pub/png/libpng.html", - "refsource" : "CONFIRM", - "url" : "http://www.libpng.org/pub/png/libpng.html" - }, - { - "name" : "GLSA-201206-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-15.xml" - }, - { - "name" : "47827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47827" - }, - { - "name" : "49660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49660" + }, + { + "name": "47827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47827" + }, + { + "name": "GLSA-201206-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" + }, + { + "name": "http://www.libpng.org/pub/png/libpng.html", + "refsource": "CONFIRM", + "url": "http://www.libpng.org/pub/png/libpng.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3564.json b/2011/3xxx/CVE-2011-3564.json index 11585be8cdb..4623b6d1581 100644 --- a/2011/3xxx/CVE-2011-3564.json +++ b/2011/3xxx/CVE-2011-3564.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4322.json b/2011/4xxx/CVE-2011-4322.json index 89bf0b9b1f5..ad24476496e 100644 --- a/2011/4xxx/CVE-2011-4322.json +++ b/2011/4xxx/CVE-2011-4322.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4322", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4322", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4615.json b/2011/4xxx/CVE-2011-4615.json index 6d46a2895df..a6b2e70192a 100644 --- a/2011/4xxx/CVE-2011-4615.json +++ b/2011/4xxx/CVE-2011-4615.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zabbix.com/rn1.8.10.php", - "refsource" : "CONFIRM", - "url" : "http://www.zabbix.com/rn1.8.10.php" - }, - { - "name" : "https://support.zabbix.com/browse/ZBX-4015", - "refsource" : "CONFIRM", - "url" : "https://support.zabbix.com/browse/ZBX-4015" - }, - { - "name" : "FEDORA-2011-17559", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html" - }, - { - "name" : "FEDORA-2011-17560", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html" - }, - { - "name" : "51093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51093" - }, - { - "name" : "77771", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77771" - }, - { - "name" : "47216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47216" - }, - { - "name" : "zabbix-hostgroups-usergrps-xss(71855)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "77771", + "refsource": "OSVDB", + "url": "http://osvdb.org/77771" + }, + { + "name": "51093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51093" + }, + { + "name": "FEDORA-2011-17559", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html" + }, + { + "name": "https://support.zabbix.com/browse/ZBX-4015", + "refsource": "CONFIRM", + "url": "https://support.zabbix.com/browse/ZBX-4015" + }, + { + "name": "FEDORA-2011-17560", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html" + }, + { + "name": "zabbix-hostgroups-usergrps-xss(71855)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71855" + }, + { + "name": "http://www.zabbix.com/rn1.8.10.php", + "refsource": "CONFIRM", + "url": "http://www.zabbix.com/rn1.8.10.php" + }, + { + "name": "47216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47216" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0605.json b/2013/0xxx/CVE-2013-0605.json index 9e6ccc8e92c..17b56a44748 100644 --- a/2013/0xxx/CVE-2013-0605.json +++ b/2013/0xxx/CVE-2013-0605.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-0605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0150", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0150.html" - }, - { - "name" : "SUSE-SU-2013:0044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" - }, - { - "name" : "SUSE-SU-2013:0047", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" - }, - { - "name" : "openSUSE-SU-2013:0193", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" - }, - { - "name" : "oval:org.mitre.oval:def:16266", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" + }, + { + "name": "SUSE-SU-2013:0047", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" + }, + { + "name": "openSUSE-SU-2013:0193", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" + }, + { + "name": "oval:org.mitre.oval:def:16266", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16266" + }, + { + "name": "openSUSE-SU-2013:0138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-02.html" + }, + { + "name": "RHSA-2013:0150", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0150.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0734.json b/2013/0xxx/CVE-2013-0734.json index ae0a209cc2b..5e6c514c2c2 100644 --- a/2013/0xxx/CVE-2013-0734.json +++ b/2013/0xxx/CVE-2013-0734.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-0734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2013-3", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2013-3" - }, - { - "name" : "58059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58059" - }, - { - "name" : "90432", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90432" - }, - { - "name" : "90433", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90433" - }, - { - "name" : "52167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52167" - }, - { - "name" : "wp-mingleforum-index-admin-xss(82187)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2013-3", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2013-3" + }, + { + "name": "52167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52167" + }, + { + "name": "90433", + "refsource": "OSVDB", + "url": "http://osvdb.org/90433" + }, + { + "name": "wp-mingleforum-index-admin-xss(82187)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82187" + }, + { + "name": "90432", + "refsource": "OSVDB", + "url": "http://osvdb.org/90432" + }, + { + "name": "58059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58059" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1002.json b/2013/1xxx/CVE-2013-1002.json index a0451c2f6ad..9fe70ae6649 100644 --- a/2013/1xxx/CVE-2013-1002.json +++ b/2013/1xxx/CVE-2013-1002.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-1002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5766", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5766" - }, - { - "name" : "http://support.apple.com/kb/HT5785", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5785" - }, - { - "name" : "http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "APPLE-SA-2013-05-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html" - }, - { - "name" : "APPLE-SA-2013-06-04-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:17187", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17187" - }, - { - "name" : "54886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5785", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5785" + }, + { + "name": "oval:org.mitre.oval:def:17187", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17187" + }, + { + "name": "54886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54886" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "APPLE-SA-2013-06-04-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT5766", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5766" + }, + { + "name": "APPLE-SA-2013-05-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1724.json b/2013/1xxx/CVE-2013-1724.json index d9a2a9f2845..89f7564d17a 100644 --- a/2013/1xxx/CVE-2013-1724.json +++ b/2013/1xxx/CVE-2013-1724.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-81.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-81.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=894137", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=894137" - }, - { - "name" : "FEDORA-2013-16992", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html" - }, - { - "name" : "FEDORA-2013-17047", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html" - }, - { - "name" : "FEDORA-2013-17074", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html" - }, - { - "name" : "openSUSE-SU-2013:1491", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html" - }, - { - "name" : "openSUSE-SU-2013:1493", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html" - }, - { - "name" : "openSUSE-SU-2013:1495", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html" - }, - { - "name" : "openSUSE-SU-2013:1499", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html" - }, - { - "name" : "USN-1951-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1951-1" - }, - { - "name" : "USN-1952-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1952-1" - }, - { - "name" : "62464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62464" - }, - { - "name" : "oval:org.mitre.oval:def:18982", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1491", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html" + }, + { + "name": "oval:org.mitre.oval:def:18982", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18982" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=894137", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=894137" + }, + { + "name": "FEDORA-2013-16992", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-81.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-81.html" + }, + { + "name": "FEDORA-2013-17074", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html" + }, + { + "name": "USN-1952-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1952-1" + }, + { + "name": "USN-1951-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1951-1" + }, + { + "name": "FEDORA-2013-17047", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html" + }, + { + "name": "openSUSE-SU-2013:1493", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html" + }, + { + "name": "62464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62464" + }, + { + "name": "openSUSE-SU-2013:1499", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html" + }, + { + "name": "openSUSE-SU-2013:1495", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1783.json b/2013/1xxx/CVE-2013-1783.json index c5315fce148..2de855745bd 100644 --- a/2013/1xxx/CVE-2013-1783.json +++ b/2013/1xxx/CVE-2013-1783.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130227 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/28/3" - }, - { - "name" : "http://drupal.org/node/1929496", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1929496" - }, - { - "name" : "http://drupal.org/node/1723246", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1723246" - }, - { - "name" : "http://drupalcode.org/project/business.git/commitdiff/02f081f", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/business.git/commitdiff/02f081f" - }, - { - "name" : "58216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58216" - }, - { - "name" : "90685", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90685" - }, - { - "name" : "52424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52424" - }, - { - "name" : "business-3slidegallery-xss(82460)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52424" + }, + { + "name": "58216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58216" + }, + { + "name": "http://drupal.org/node/1929496", + "refsource": "MISC", + "url": "http://drupal.org/node/1929496" + }, + { + "name": "90685", + "refsource": "OSVDB", + "url": "http://osvdb.org/90685" + }, + { + "name": "http://drupalcode.org/project/business.git/commitdiff/02f081f", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/business.git/commitdiff/02f081f" + }, + { + "name": "business-3slidegallery-xss(82460)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82460" + }, + { + "name": "[oss-security] 20130227 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/28/3" + }, + { + "name": "http://drupal.org/node/1723246", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1723246" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1784.json b/2013/1xxx/CVE-2013-1784.json index e2b7c82899a..47c96e051c3 100644 --- a/2013/1xxx/CVE-2013-1784.json +++ b/2013/1xxx/CVE-2013-1784.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130227 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/28/3" - }, - { - "name" : "http://drupal.org/node/1929500", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1929500" - }, - { - "name" : "http://drupal.org/node/1723532", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1723532" - }, - { - "name" : "http://drupalcode.org/project/clean_theme.git/commitdiff/697f839", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/clean_theme.git/commitdiff/697f839" - }, - { - "name" : "http://drupalcode.org/project/clean_theme.git/commitdiff/ff2da6f", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/clean_theme.git/commitdiff/ff2da6f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1723532", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1723532" + }, + { + "name": "http://drupal.org/node/1929500", + "refsource": "MISC", + "url": "http://drupal.org/node/1929500" + }, + { + "name": "[oss-security] 20130227 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/28/3" + }, + { + "name": "http://drupalcode.org/project/clean_theme.git/commitdiff/ff2da6f", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/clean_theme.git/commitdiff/ff2da6f" + }, + { + "name": "http://drupalcode.org/project/clean_theme.git/commitdiff/697f839", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/clean_theme.git/commitdiff/697f839" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1986.json b/2013/1xxx/CVE-2013-1986.json index 739e57224d9..44de794ca4f 100644 --- a/2013/1xxx/CVE-2013-1986.json +++ b/2013/1xxx/CVE-2013-1986.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/23/3" - }, - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" - }, - { - "name" : "DSA-2684", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2684" - }, - { - "name" : "FEDORA-2013-9056", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106857.html" - }, - { - "name" : "openSUSE-SU-2013:1028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00156.html" - }, - { - "name" : "USN-1862-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1862-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2013-9056", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106857.html" + }, + { + "name": "USN-1862-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1862-1" + }, + { + "name": "openSUSE-SU-2013:1028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00156.html" + }, + { + "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3" + }, + { + "name": "DSA-2684", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2684" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", + "refsource": "CONFIRM", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5010.json b/2013/5xxx/CVE-2013-5010.json index 912b2d0848a..81e3e339a1f 100644 --- a/2013/5xxx/CVE-2013-5010.json +++ b/2013/5xxx/CVE-2013-5010.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-5010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00" - }, - { - "name" : "64129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64129" - }, - { - "name" : "symantec-endpoint-cve20135010-sec-bypass(90225)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64129" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00" + }, + { + "name": "symantec-endpoint-cve20135010-sec-bypass(90225)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90225" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5747.json b/2013/5xxx/CVE-2013-5747.json index 08e1179117e..72983e85edd 100644 --- a/2013/5xxx/CVE-2013-5747.json +++ b/2013/5xxx/CVE-2013-5747.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5747", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5747", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2073.json b/2014/2xxx/CVE-2014-2073.json index 2ffc17adec3..16bb77e9cd1 100644 --- a/2014/2xxx/CVE-2014-2073.json +++ b/2014/2xxx/CVE-2014-2073.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to \"CATV5_Backbone_Bus.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/125325/Catia-V5-6R2013-Stack-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125325/Catia-V5-6R2013-Stack-Buffer-Overflow.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to \"CATV5_Backbone_Bus.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/125325/Catia-V5-6R2013-Stack-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125325/Catia-V5-6R2013-Stack-Buffer-Overflow.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0632.json b/2017/0xxx/CVE-2017-0632.json index 2959261c12a..9002ffeec3f 100644 --- a/2017/0xxx/CVE-2017-0632.json +++ b/2017/0xxx/CVE-2017-0632.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98221" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000158.json b/2017/1000xxx/CVE-2017-1000158.json index 6ff616353b1..210094bc1e2 100644 --- a/2017/1000xxx/CVE-2017-1000158.json +++ b/2017/1000xxx/CVE-2017-1000158.json @@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.370843", - "ID" : "CVE-2017-1000158", - "REQUESTER" : "jaybosamiya@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CPython", - "version" : { - "version_data" : [ - { - "version_value" : "2.7.13 and older" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.370843", + "ID": "CVE-2017-1000158", + "REQUESTER": "jaybosamiya@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171124 [SECURITY] [DLA 1189-1] python2.7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html" - }, - { - "name" : "[debian-lts-announce] 20171124 [SECURITY] [DLA 1190-1] python2.6 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html" - }, - { - "name" : "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" - }, - { - "name" : "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html" - }, - { - "name" : "https://bugs.python.org/issue30657", - "refsource" : "MISC", - "url" : "https://bugs.python.org/issue30657" - }, - { - "name" : "DSA-4307", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4307" - }, - { - "name" : "GLSA-201805-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-02" - }, - { - "name" : "1039890", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171124 [SECURITY] [DLA 1189-1] python2.7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html" + }, + { + "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html" + }, + { + "name": "https://bugs.python.org/issue30657", + "refsource": "MISC", + "url": "https://bugs.python.org/issue30657" + }, + { + "name": "1039890", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039890" + }, + { + "name": "[debian-lts-announce] 20171124 [SECURITY] [DLA 1190-1] python2.6 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html" + }, + { + "name": "DSA-4307", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4307" + }, + { + "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" + }, + { + "name": "GLSA-201805-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-02" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12039.json b/2017/12xxx/CVE-2017-12039.json index fb01324ff1e..df6af63c5dd 100644 --- a/2017/12xxx/CVE-2017-12039.json +++ b/2017/12xxx/CVE-2017-12039.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12039", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12039", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12654.json b/2017/12xxx/CVE-2017-12654.json index 5ba852e351c..f6d17a525bb 100644 --- a/2017/12xxx/CVE-2017-12654.json +++ b/2017/12xxx/CVE-2017-12654.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/620", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/620" - }, - { - "name" : "100230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/620", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/620" + }, + { + "name": "100230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100230" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16293.json b/2017/16xxx/CVE-2017-16293.json index 16a702a3c96..6d9a73d85e2 100644 --- a/2017/16xxx/CVE-2017-16293.json +++ b/2017/16xxx/CVE-2017-16293.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16293", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16293", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16547.json b/2017/16xxx/CVE-2017-16547.json index 1aaeac115be..22b0fc1a90e 100644 --- a/2017/16xxx/CVE-2017-16547.json +++ b/2017/16xxx/CVE-2017-16547.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171114 [SECURITY] [DLA 1170-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00016.html" - }, - { - "name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/517/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/517/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171114 [SECURITY] [DLA 1170-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00016.html" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/517/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/517/" + }, + { + "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16977.json b/2017/16xxx/CVE-2017-16977.json index 2a36f00f9f6..6a9e9aa4d3d 100644 --- a/2017/16xxx/CVE-2017-16977.json +++ b/2017/16xxx/CVE-2017-16977.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16977", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16977", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1016.json b/2017/1xxx/CVE-2017-1016.json index c0ecb8e6207..9f479b6d709 100644 --- a/2017/1xxx/CVE-2017-1016.json +++ b/2017/1xxx/CVE-2017-1016.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1016", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1016", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4021.json b/2017/4xxx/CVE-2017-4021.json index 69749fd6e69..466c1214785 100644 --- a/2017/4xxx/CVE-2017-4021.json +++ b/2017/4xxx/CVE-2017-4021.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4021", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4021", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4111.json b/2017/4xxx/CVE-2017-4111.json index 1808b67be3e..77f0a7d546b 100644 --- a/2017/4xxx/CVE-2017-4111.json +++ b/2017/4xxx/CVE-2017-4111.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4111", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4111", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4457.json b/2017/4xxx/CVE-2017-4457.json index 12a49e9782d..21eba45cf1f 100644 --- a/2017/4xxx/CVE-2017-4457.json +++ b/2017/4xxx/CVE-2017-4457.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4457", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4457", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4480.json b/2017/4xxx/CVE-2017-4480.json index b383ff5f50a..cfacfa6f908 100644 --- a/2017/4xxx/CVE-2017-4480.json +++ b/2017/4xxx/CVE-2017-4480.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4480", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4480", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5128.json b/2018/5xxx/CVE-2018-5128.json index 5cd6fd37083..b37c8ed6946 100644 --- a/2018/5xxx/CVE-2018-5128.json +++ b/2018/5xxx/CVE-2018-5128.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "59" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free manipulating editor selection ranges" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "59" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1431336", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1431336" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-06/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-06/" - }, - { - "name" : "USN-3596-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3596-1/" - }, - { - "name" : "103386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103386" - }, - { - "name" : "1040514", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free manipulating editor selection ranges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431336", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1431336" + }, + { + "name": "103386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103386" + }, + { + "name": "1040514", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040514" + }, + { + "name": "USN-3596-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3596-1/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-06/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5888.json b/2018/5xxx/CVE-2018-5888.json index df055c4fdd3..aa9b60593c5 100644 --- a/2018/5xxx/CVE-2018-5888.json +++ b/2018/5xxx/CVE-2018-5888.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-06-05T00:00:00", - "ID" : "CVE-2018-5888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Calculation of Buffer Size in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-06-05T00:00:00", + "ID": "CVE-2018-5888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components" - }, - { - "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=5388803fa6d004382f4a857056ce06d963698d9c", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=5388803fa6d004382f4a857056ce06d963698d9c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Calculation of Buffer Size in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=5388803fa6d004382f4a857056ce06d963698d9c", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=5388803fa6d004382f4a857056ce06d963698d9c" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components" + } + ] + } +} \ No newline at end of file