diff --git a/2001/0xxx/CVE-2001-0335.json b/2001/0xxx/CVE-2001-0335.json index 0e0cce71c72..a431cfde6f2 100644 --- a/2001/0xxx/CVE-2001-0335.json +++ b/2001/0xxx/CVE-2001-0335.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026" - }, - { - "name" : "iis-ftp-domain-authentication(6545)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6545" - }, - { - "name" : "2719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026" + }, + { + "name": "iis-ftp-domain-authentication(6545)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6545" + }, + { + "name": "2719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2719" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0848.json b/2001/0xxx/CVE-2001-0848.json index 839025f2fc7..b7a1fb049fd 100644 --- a/2001/0xxx/CVE-2001-0848.json +++ b/2001/0xxx/CVE-2001-0848.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011101 Fuse Talk vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100463832209281&w=2" - }, - { - "name" : "3496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3496" - }, - { - "name" : "fusetalk-joincfm-sql-execution(7445)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7445.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011101 Fuse Talk vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100463832209281&w=2" + }, + { + "name": "3496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3496" + }, + { + "name": "fusetalk-joincfm-sql-execution(7445)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7445.php" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1133.json b/2001/1xxx/CVE-2001-1133.json index f2d9c166b0b..3ec0f86427d 100644 --- a/2001/1xxx/CVE-2001-1133.json +++ b/2001/1xxx/CVE-2001-1133.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010821 BSDi (3.0/3.1) reboot machine code as any user (non-specific)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/209192" - }, - { - "name" : "bsd-kernel-dos(7023)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7023.php" - }, - { - "name" : "3220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3220" + }, + { + "name": "bsd-kernel-dos(7023)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7023.php" + }, + { + "name": "20010821 BSDi (3.0/3.1) reboot machine code as any user (non-specific)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/209192" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2149.json b/2006/2xxx/CVE-2006-2149.json index 6a7aeec552d..4fb3673c262 100644 --- a/2006/2xxx/CVE-2006-2149.json +++ b/2006/2xxx/CVE-2006-2149.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1732", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1732" - }, - { - "name" : "17940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17940" - }, - { - "name" : "ADV-2006-1587", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1587" - }, - { - "name" : "25158", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25158" - }, - { - "name" : "19911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19911" - }, - { - "name" : "aardvark-lostpw-join-file-include(26189)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1732", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1732" + }, + { + "name": "17940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17940" + }, + { + "name": "19911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19911" + }, + { + "name": "ADV-2006-1587", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1587" + }, + { + "name": "25158", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25158" + }, + { + "name": "aardvark-lostpw-join-file-include(26189)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26189" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2434.json b/2006/2xxx/CVE-2006-2434.json index 7248ff5dd22..4a92c2e9c43 100644 --- a/2006/2xxx/CVE-2006-2434.json +++ b/2006/2xxx/CVE-2006-2434.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060509 IBM Websphere Application Server Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879" - }, - { - "name" : "ADV-2006-1736", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1736" - }, - { - "name" : "ADV-2006-2552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2552" - }, - { - "name" : "20032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20032" - }, - { - "name" : "910", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879" + }, + { + "name": "910", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/910" + }, + { + "name": "ADV-2006-1736", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1736" + }, + { + "name": "ADV-2006-2552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2552" + }, + { + "name": "20032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20032" + }, + { + "name": "20060509 IBM Websphere Application Server Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2461.json b/2006/2xxx/CVE-2006-2461.json index 42d0738c2fc..ccf9295c1d1 100644 --- a/2006/2xxx/CVE-2006-2461.json +++ b/2006/2xxx/CVE-2006-2461.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA06-132.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/194" - }, - { - "name" : "ADV-2006-1828", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1828" - }, - { - "name" : "1016102", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016102" - }, - { - "name" : "20130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20130" - }, - { - "name" : "weblogic-transaction-channel-insecure(26459)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20130" + }, + { + "name": "1016102", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016102" + }, + { + "name": "ADV-2006-1828", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1828" + }, + { + "name": "BEA06-132.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/194" + }, + { + "name": "weblogic-transaction-channel-insecure(26459)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26459" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2546.json b/2006/2xxx/CVE-2006-2546.json index abf6257ded2..a6d20eb5650 100644 --- a/2006/2xxx/CVE-2006-2546.json +++ b/2006/2xxx/CVE-2006-2546.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA06-131.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/193" - }, - { - "name" : "ADV-2006-1828", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1828" - }, - { - "name" : "1016101", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016101" - }, - { - "name" : "20130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20130" - }, - { - "name" : "weblogic-admin-password-cleartext(26460)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20130" + }, + { + "name": "1016101", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016101" + }, + { + "name": "ADV-2006-1828", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1828" + }, + { + "name": "BEA06-131.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/193" + }, + { + "name": "weblogic-admin-password-cleartext(26460)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26460" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2833.json b/2006/2xxx/CVE-2006-2833.json index c617b6eeb1d..b705317946c 100644 --- a/2006/2xxx/CVE-2006-2833.json +++ b/2006/2xxx/CVE-2006-2833.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060602 [DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435793/100/0/threaded" - }, - { - "name" : "http://drupal.org/node/66767", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/66767" - }, - { - "name" : "http://drupal.org/files/sa-2006-008/4.6.7.patch", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/files/sa-2006-008/4.6.7.patch" - }, - { - "name" : "DSA-1125", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1125" - }, - { - "name" : "18245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18245" - }, - { - "name" : "ADV-2006-2112", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2112" - }, - { - "name" : "20412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20412" - }, - { - "name" : "21244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21244" - }, - { - "name" : "1041", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1041" - }, - { - "name" : "drupal-taxonomy-xss(26893)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20412" + }, + { + "name": "1041", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1041" + }, + { + "name": "http://drupal.org/node/66767", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/66767" + }, + { + "name": "18245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18245" + }, + { + "name": "drupal-taxonomy-xss(26893)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26893" + }, + { + "name": "DSA-1125", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1125" + }, + { + "name": "ADV-2006-2112", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2112" + }, + { + "name": "21244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21244" + }, + { + "name": "20060602 [DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435793/100/0/threaded" + }, + { + "name": "http://drupal.org/files/sa-2006-008/4.6.7.patch", + "refsource": "CONFIRM", + "url": "http://drupal.org/files/sa-2006-008/4.6.7.patch" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6057.json b/2006/6xxx/CVE-2006-6057.json index 93d85fbb0af..ae3a85f25e0 100644 --- a/2006/6xxx/CVE-2006-6057.json +++ b/2006/6xxx/CVE-2006-6057.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.info-pull.com/mokb/MOKB-15-11-2006.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/mokb/MOKB-15-11-2006.html" - }, - { - "name" : "USN-416-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-416-1" - }, - { - "name" : "ADV-2006-4556", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4556" - }, - { - "name" : "22886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22886" - }, - { - "name" : "24098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24098" - }, - { - "name" : "kernel-gfs2-dos(30307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://projects.info-pull.com/mokb/MOKB-15-11-2006.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/mokb/MOKB-15-11-2006.html" + }, + { + "name": "24098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24098" + }, + { + "name": "ADV-2006-4556", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4556" + }, + { + "name": "USN-416-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-416-1" + }, + { + "name": "22886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22886" + }, + { + "name": "kernel-gfs2-dos(30307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30307" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6636.json b/2006/6xxx/CVE-2006-6636.json index d7794733548..c716147ca6b 100644 --- a/2006/6xxx/CVE-2006-6636.json +++ b/2006/6xxx/CVE-2006-6636.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27006876", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27006876" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27006879", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27006879" - }, - { - "name" : "PK29725", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK29725" - }, - { - "name" : "21608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21608" - }, - { - "name" : "21636", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21636" - }, - { - "name" : "ADV-2006-5017", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5017" - }, - { - "name" : "ADV-2006-5050", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5050" - }, - { - "name" : "23386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23386" - }, - { - "name" : "23414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23414" - }, - { - "name" : "websphere-utility-classes-unspecified(30903)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876" + }, + { + "name": "23386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23386" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879" + }, + { + "name": "websphere-utility-classes-unspecified(30903)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30903" + }, + { + "name": "21608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21608" + }, + { + "name": "ADV-2006-5017", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5017" + }, + { + "name": "21636", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21636" + }, + { + "name": "PK29725", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK29725" + }, + { + "name": "23414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23414" + }, + { + "name": "ADV-2006-5050", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5050" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2126.json b/2011/2xxx/CVE-2011-2126.json index f1a09060728..febcb3ee7aa 100644 --- a/2011/2xxx/CVE-2011-2126.json +++ b/2011/2xxx/CVE-2011-2126.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html" - }, - { - "name" : "TA11-166A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" - }, - { - "name" : "48309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48309" - }, - { - "name" : "73011", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73011" - }, - { - "name" : "adobe-shockwave-unspec-bo(68050)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73011", + "refsource": "OSVDB", + "url": "http://osvdb.org/73011" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-17.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-17.html" + }, + { + "name": "adobe-shockwave-unspec-bo(68050)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68050" + }, + { + "name": "TA11-166A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" + }, + { + "name": "48309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48309" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2476.json b/2011/2xxx/CVE-2011-2476.json index 2a9d8d0d96a..c19aff8b719 100644 --- a/2011/2xxx/CVE-2011-2476.json +++ b/2011/2xxx/CVE-2011-2476.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110608 CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/08/2" - }, - { - "name" : "[oss-security] 20110608 Re: CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/08/6" - }, - { - "name" : "http://forum.coppermine-gallery.net/index.php/topic,69495.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.coppermine-gallery.net/index.php/topic,69495.0.html" - }, - { - "name" : "http://sourceforge.net/news/?group_id=89658", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/news/?group_id=89658" - }, - { - "name" : "cpg-unspecified-xss(68058)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110608 CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/08/2" + }, + { + "name": "[oss-security] 20110608 Re: CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/08/6" + }, + { + "name": "http://forum.coppermine-gallery.net/index.php/topic,69495.0.html", + "refsource": "CONFIRM", + "url": "http://forum.coppermine-gallery.net/index.php/topic,69495.0.html" + }, + { + "name": "http://sourceforge.net/news/?group_id=89658", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/news/?group_id=89658" + }, + { + "name": "cpg-unspecified-xss(68058)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68058" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3040.json b/2011/3xxx/CVE-2011-3040.json index c27d4803b4b..09f00960bac 100644 --- a/2011/3xxx/CVE-2011-3040.json +++ b/2011/3xxx/CVE-2011-3040.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=114054", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=114054" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "GLSA-201203-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml" - }, - { - "name" : "openSUSE-SU-2012:0374", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" - }, - { - "name" : "52271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52271" - }, - { - "name" : "oval:org.mitre.oval:def:14996", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14996" - }, - { - "name" : "1026759", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026759" - }, - { - "name" : "48527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48527" - }, - { - "name" : "48419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48419" - }, - { - "name" : "48265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48265" - }, - { - "name" : "chrome-text-handling-code-exec(73651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=114054", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=114054" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "1026759", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026759" + }, + { + "name": "48527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48527" + }, + { + "name": "chrome-text-handling-code-exec(73651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73651" + }, + { + "name": "oval:org.mitre.oval:def:14996", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14996" + }, + { + "name": "48265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48265" + }, + { + "name": "48419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48419" + }, + { + "name": "openSUSE-SU-2012:0374", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "52271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52271" + }, + { + "name": "GLSA-201203-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-19.xml" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3490.json b/2011/3xxx/CVE-2011-3490.json index 360ca1989c2..aa404165968 100644 --- a/2011/3xxx/CVE-2011-3490.json +++ b/2011/3xxx/CVE-2011-3490.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17848", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17848" - }, - { - "name" : "http://aluigi.altervista.org/adv/scadapro_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/scadapro_1-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf" - }, - { - "name" : "8382", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8382", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8382" + }, + { + "name": "17848", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17848" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf" + }, + { + "name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4196.json b/2011/4xxx/CVE-2011-4196.json index d3310d7ff11..0735f312e55 100644 --- a/2011/4xxx/CVE-2011-4196.json +++ b/2011/4xxx/CVE-2011-4196.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4196", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4196", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4560.json b/2011/4xxx/CVE-2011-4560.json index 2fc9929d83a..51c703c8b0f 100644 --- a/2011/4xxx/CVE-2011-4560.json +++ b/2011/4xxx/CVE-2011-4560.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/1300238", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1300238" - }, - { - "name" : "49982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49982" - }, - { - "name" : "76094", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76094" - }, - { - "name" : "46333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46333" - }, - { - "name" : "drupal-petitionnode-unspecified-xss(70342)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49982" + }, + { + "name": "76094", + "refsource": "OSVDB", + "url": "http://osvdb.org/76094" + }, + { + "name": "drupal-petitionnode-unspecified-xss(70342)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70342" + }, + { + "name": "http://drupal.org/node/1300238", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1300238" + }, + { + "name": "46333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46333" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4788.json b/2011/4xxx/CVE-2011-4788.json index abe90f45a50..1b5c55dcde8 100644 --- a/2011/4xxx/CVE-2011-4788.json +++ b/2011/4xxx/CVE-2011-4788.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-4788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120112 ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0088.html" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-12-015/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-12-015/" - }, - { - "name" : "HPSBST02735", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132672509901841&w=2" - }, - { - "name" : "SSRT100516", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132672509901841&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100516", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132672509901841&w=2" + }, + { + "name": "HPSBST02735", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132672509901841&w=2" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-12-015/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-12-015/" + }, + { + "name": "20120112 ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0088.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4802.json b/2011/4xxx/CVE-2011-4802.json index a85d9cc4c8d..a9897e98440 100644 --- a/2011/4xxx/CVE-2011-4802.json +++ b/2011/4xxx/CVE-2011-4802.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111123 Multiple vulnerabilities in Dolibarr", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520619/100/0/threaded" - }, - { - "name" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html", - "refsource" : "MISC", - "url" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html" - }, - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91" - }, - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1" - }, - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a" - }, - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675" - }, - { - "name" : "50777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50777" - }, - { - "name" : "77340", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77340" - }, - { - "name" : "77341", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77341" - }, - { - "name" : "77342", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77342" - }, - { - "name" : "77343", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77343" - }, - { - "name" : "77344", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77344" - }, - { - "name" : "77345", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77345" - }, - { - "name" : "77346", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77346" - }, - { - "name" : "77347", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111123 Multiple vulnerabilities in Dolibarr", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520619/100/0/threaded" + }, + { + "name": "77346", + "refsource": "OSVDB", + "url": "http://osvdb.org/77346" + }, + { + "name": "77340", + "refsource": "OSVDB", + "url": "http://osvdb.org/77340" + }, + { + "name": "https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675" + }, + { + "name": "77341", + "refsource": "OSVDB", + "url": "http://osvdb.org/77341" + }, + { + "name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html", + "refsource": "MISC", + "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html" + }, + { + "name": "https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91" + }, + { + "name": "https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1" + }, + { + "name": "77345", + "refsource": "OSVDB", + "url": "http://osvdb.org/77345" + }, + { + "name": "https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a" + }, + { + "name": "77347", + "refsource": "OSVDB", + "url": "http://osvdb.org/77347" + }, + { + "name": "77344", + "refsource": "OSVDB", + "url": "http://osvdb.org/77344" + }, + { + "name": "50777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50777" + }, + { + "name": "77343", + "refsource": "OSVDB", + "url": "http://osvdb.org/77343" + }, + { + "name": "77342", + "refsource": "OSVDB", + "url": "http://osvdb.org/77342" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4898.json b/2011/4xxx/CVE-2011-4898.json index f236ae66157..a9c108b9b5c 100644 --- a/2011/4xxx/CVE-2011-4898.json +++ b/2011/4xxx/CVE-2011-4898.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120124 TWSL2012-002: Multiple Vulnerabilities in WordPress", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html" - }, - { - "name" : "18417", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18417" - }, - { - "name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18417", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18417" + }, + { + "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt", + "refsource": "MISC", + "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt" + }, + { + "name": "20120124 TWSL2012-002: Multiple Vulnerabilities in WordPress", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0088.json b/2013/0xxx/CVE-2013-0088.json index 23ed605318c..929e4589922 100644 --- a/2013/0xxx/CVE-2013-0088.json +++ b/2013/0xxx/CVE-2013-0088.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer saveHistory Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021" - }, - { - "name" : "TA13-071A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A" - }, - { - "name" : "oval:org.mitre.oval:def:16386", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer saveHistory Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16386", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16386" + }, + { + "name": "TA13-071A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A" + }, + { + "name": "MS13-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0280.json b/2013/0xxx/CVE-2013-0280.json index 788991f7113..db9875f4208 100644 --- a/2013/0xxx/CVE-2013-0280.json +++ b/2013/0xxx/CVE-2013-0280.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0280", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1664, CVE-2013-1665. Reason: This candidate is a duplicate of CVE-2013-1664 and/or CVE-2013-1665. Notes: All CVE users should reference CVE-2013-1664 and/or CVE-2013-1665 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0280", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1664, CVE-2013-1665. Reason: This candidate is a duplicate of CVE-2013-1664 and/or CVE-2013-1665. Notes: All CVE users should reference CVE-2013-1664 and/or CVE-2013-1665 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0373.json b/2013/0xxx/CVE-2013-0373.json index e70fd3834f3..8a75312367e 100644 --- a/2013/0xxx/CVE-2013-0373.json +++ b/2013/0xxx/CVE-2013-0373.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0521.json b/2013/0xxx/CVE-2013-0521.json index 7ba2183e286..bfc0ce2d425 100644 --- a/2013/0xxx/CVE-2013-0521.json +++ b/2013/0xxx/CVE-2013-0521.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0521", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0521", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0945.json b/2013/0xxx/CVE-2013-0945.json index 177ea1bfb4c..b5168e5c982 100644 --- a/2013/0xxx/CVE-2013-0945.json +++ b/2013/0xxx/CVE-2013-0945.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-0945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130502 ESA-2013-035: EMC Avamar Client Improper Certificate Validation Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-05/0014.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130502 ESA-2013-035: EMC Avamar Client Improper Certificate Validation Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0014.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1614.json b/2013/1xxx/CVE-2013-1614.json index aca53b7a255..cf11dd06e56 100644 --- a/2013/1xxx/CVE-2013-1614.json +++ b/2013/1xxx/CVE-2013-1614.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-1614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00" - }, - { - "name" : "60797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00" + }, + { + "name": "60797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60797" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5359.json b/2013/5xxx/CVE-2013-5359.json index e206578dcd3..c087fb24738 100644 --- a/2013/5xxx/CVE-2013-5359.json +++ b/2013/5xxx/CVE-2013-5359.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file with a certain size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-5359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2013-14/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2013-14/" - }, - { - "name" : "https://support.google.com/picasa/answer/53209", - "refsource" : "CONFIRM", - "url" : "https://support.google.com/picasa/answer/53209" - }, - { - "name" : "1029527", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029527" - }, - { - "name" : "55555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file with a certain size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55555" + }, + { + "name": "http://secunia.com/secunia_research/2013-14/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2013-14/" + }, + { + "name": "1029527", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029527" + }, + { + "name": "https://support.google.com/picasa/answer/53209", + "refsource": "CONFIRM", + "url": "https://support.google.com/picasa/answer/53209" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5386.json b/2013/5xxx/CVE-2013-5386.json index 2e2831df9be..262644c0f9d 100644 --- a/2013/5xxx/CVE-2013-5386.json +++ b/2013/5xxx/CVE-2013-5386.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5386", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5386", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5929.json b/2013/5xxx/CVE-2013-5929.json index 0ad88026229..3817299f114 100644 --- a/2013/5xxx/CVE-2013-5929.json +++ b/2013/5xxx/CVE-2013-5929.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5929", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5929", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2048.json b/2014/2xxx/CVE-2014-2048.json index 5a8992c122b..0ce1e53c2c8 100644 --- a/2014/2xxx/CVE-2014-2048.json +++ b/2014/2xxx/CVE-2014-2048.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://owncloud.org/security/advisories/insecure-openid-implementation/", - "refsource" : "CONFIRM", - "url" : "https://owncloud.org/security/advisories/insecure-openid-implementation/" - }, - { - "name" : "owncloud-cve20142048-sec-bypass(91973)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://owncloud.org/security/advisories/insecure-openid-implementation/", + "refsource": "CONFIRM", + "url": "https://owncloud.org/security/advisories/insecure-openid-implementation/" + }, + { + "name": "owncloud-cve20142048-sec-bypass(91973)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91973" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2185.json b/2014/2xxx/CVE-2014-2185.json index e1f28ce7b0e..9846c38b19f 100644 --- a/2014/2xxx/CVE-2014-2185.json +++ b/2014/2xxx/CVE-2014-2185.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140428 Cisco Unified Communications Manager CDR Management Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140428 Cisco Unified Communications Manager CDR Management Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2593.json b/2014/2xxx/CVE-2014-2593.json index 46f7e30e37f..a631e82a4a5 100644 --- a/2014/2xxx/CVE-2014-2593.json +++ b/2014/2xxx/CVE-2014-2593.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593" - }, - { - "name" : "http://www.arubanetworks.com/support/alerts/aid-050214.asc", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/support/alerts/aid-050214.asc" - }, - { - "name" : "69391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69391" - }, - { - "name" : "109662", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/109662" - }, - { - "name" : "aruba-clearpass-cve20142593-command-exec(95491)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "109662", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/109662" + }, + { + "name": "http://www.arubanetworks.com/support/alerts/aid-050214.asc", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/support/alerts/aid-050214.asc" + }, + { + "name": "aruba-clearpass-cve20142593-command-exec(95491)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95491" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593" + }, + { + "name": "69391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69391" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2719.json b/2014/2xxx/CVE-2014-2719.json index 75f83ed6f5e..0be06c2bcaa 100644 --- a/2014/2xxx/CVE-2014-2719.json +++ b/2014/2xxx/CVE-2014-2719.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140416 ASUS RT-XXXX SOHO routers expose admin password, fixed in 3.0.0.4.374.5517", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/225" - }, - { - "name" : "http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html", - "refsource" : "MISC", - "url" : "http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html" - }, - { - "name" : "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29", - "refsource" : "CONFIRM", - "url" : "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29" - }, - { - "name" : "https://support.t-mobile.com/docs/DOC-21994", - "refsource" : "CONFIRM", - "url" : "https://support.t-mobile.com/docs/DOC-21994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html", + "refsource": "MISC", + "url": "http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html" + }, + { + "name": "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29", + "refsource": "CONFIRM", + "url": "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29" + }, + { + "name": "20140416 ASUS RT-XXXX SOHO routers expose admin password, fixed in 3.0.0.4.374.5517", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/225" + }, + { + "name": "https://support.t-mobile.com/docs/DOC-21994", + "refsource": "CONFIRM", + "url": "https://support.t-mobile.com/docs/DOC-21994" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0383.json b/2017/0xxx/CVE-2017-0383.json index edbe31e7456..335a3a06a49 100644 --- a/2017/0xxx/CVE-2017-0383.json +++ b/2017/0xxx/CVE-2017-0383.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95243" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0641.json b/2017/0xxx/CVE-2017-0641.json index 59002997216..15cafde3f15 100644 --- a/2017/0xxx/CVE-2017-0641.json +++ b/2017/0xxx/CVE-2017-0641.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98868" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98868" + }, + { + "name": "https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0906.json b/2017/0xxx/CVE-2017-0906.json index 62180a2ac04..1a7749379aa 100644 --- a/2017/0xxx/CVE-2017-0906.json +++ b/2017/0xxx/CVE-2017-0906.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "recurly python module", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2" - } - ] - } - } - ] - }, - "vendor_name" : "Recurly" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the \"Resource.get\" method that could result in compromise of API keys or other critical resources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server-Side Request Forgery (SSRF) (CWE-918)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "recurly python module", + "version": { + "version_data": [ + { + "version_value": "Versions before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2" + } + ] + } + } + ] + }, + "vendor_name": "Recurly" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/288635", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/288635" - }, - { - "name" : "https://dev.recurly.com/page/python-updates", - "refsource" : "CONFIRM", - "url" : "https://dev.recurly.com/page/python-updates" - }, - { - "name" : "https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742", - "refsource" : "CONFIRM", - "url" : "https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the \"Resource.get\" method that could result in compromise of API keys or other critical resources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery (SSRF) (CWE-918)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/288635", + "refsource": "MISC", + "url": "https://hackerone.com/reports/288635" + }, + { + "name": "https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742", + "refsource": "CONFIRM", + "url": "https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742" + }, + { + "name": "https://dev.recurly.com/page/python-updates", + "refsource": "CONFIRM", + "url": "https://dev.recurly.com/page/python-updates" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0960.json b/2017/0xxx/CVE-2017-0960.json index a31e73095a1..beeee0d2bb9 100644 --- a/2017/0xxx/CVE-2017-0960.json +++ b/2017/0xxx/CVE-2017-0960.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0960", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0960", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000108.json b/2017/1000xxx/CVE-2017-1000108.json index b45b1cb8122..5ef5404f69f 100644 --- a/2017/1000xxx/CVE-2017-1000108.json +++ b/2017/1000xxx/CVE-2017-1000108.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.322252", - "ID" : "CVE-2017-1000108", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Pipeline: Input Step Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.7 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Pipeline: Input Step Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.322252", + "ID": "CVE-2017-1000108", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-08-07/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-08-07/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-08-07/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-08-07/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12673.json b/2017/12xxx/CVE-2017-12673.json index 74260c43453..3489a32d4f3 100644 --- a/2017/12xxx/CVE-2017-12673.json +++ b/2017/12xxx/CVE-2017-12673.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/619", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/619" - }, - { - "name" : "100228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100228" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/619", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/619" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16056.json b/2017/16xxx/CVE-2017-16056.json index fe098a65da9..cc15ea9b46f 100644 --- a/2017/16xxx/CVE-2017-16056.json +++ b/2017/16xxx/CVE-2017-16056.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mssql.js node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedded Malicious Code (CWE-506)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mssql.js node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/485", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedded Malicious Code (CWE-506)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/485", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/485" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16606.json b/2017/16xxx/CVE-2017-16606.json index ed47cec8f4b..3b8a1fecf37 100644 --- a/2017/16xxx/CVE-2017-16606.json +++ b/2017/16xxx/CVE-2017-16606.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetGain Systems Enterprise Manager", - "version" : { - "version_data" : [ - { - "version_value" : "7.2.730 build 1034" - } - ] - } - } - ] - }, - "vendor_name" : "NetGain Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp._3d.add_005f3d_005fview_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5197." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetGain Systems Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "7.2.730 build 1034" + } + ] + } + } + ] + }, + "vendor_name": "NetGain Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-971", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp._3d.add_005f3d_005fview_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5197." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-971", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-971" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16816.json b/2017/16xxx/CVE-2017-16816.json index 39c43ecd421..decc0c800f3 100644 --- a/2017/16xxx/CVE-2017-16816.json +++ b/2017/16xxx/CVE-2017-16816.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[condor-users] 20171114 HTCondor Security Release: 8.6.8 and 8.7.5", - "refsource" : "MLIST", - "url" : "https://www-auth.cs.wisc.edu/lists/htcondor-users/2017-November/msg00022.shtml" - }, - { - "name" : "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2017-0001.html", - "refsource" : "CONFIRM", - "url" : "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2017-0001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[condor-users] 20171114 HTCondor Security Release: 8.6.8 and 8.7.5", + "refsource": "MLIST", + "url": "https://www-auth.cs.wisc.edu/lists/htcondor-users/2017-November/msg00022.shtml" + }, + { + "name": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2017-0001.html", + "refsource": "CONFIRM", + "url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2017-0001.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1847.json b/2017/1xxx/CVE-2017-1847.json index 7113e3953f0..1b511cf5a8b 100644 --- a/2017/1xxx/CVE-2017-1847.json +++ b/2017/1xxx/CVE-2017-1847.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1847", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1847", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4596.json b/2017/4xxx/CVE-2017-4596.json index 7e4921b7848..34872897598 100644 --- a/2017/4xxx/CVE-2017-4596.json +++ b/2017/4xxx/CVE-2017-4596.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4596", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4596", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4891.json b/2017/4xxx/CVE-2017-4891.json index 106937ad95e..877bad41446 100644 --- a/2017/4xxx/CVE-2017-4891.json +++ b/2017/4xxx/CVE-2017-4891.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4891", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4891", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4967.json b/2017/4xxx/CVE-2017-4967.json index 0dfaf431809..f53b2d18860 100644 --- a/2017/4xxx/CVE-2017-4967.json +++ b/2017/4xxx/CVE-2017-4967.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pivotal RabbitMQ", - "version" : { - "version_data" : [ - { - "version_value" : "Pivotal RabbitMQ" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS vulnerabilities in RabbitMQ management UI" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pivotal RabbitMQ", + "version": { + "version_data": [ + { + "version_value": "Pivotal RabbitMQ" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2017-4965", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2017-4965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS vulnerabilities in RabbitMQ management UI" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2017-4965", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2017-4965" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4973.json b/2017/4xxx/CVE-2017-4973.json index 6a26b760817..aadbb5724ae 100644 --- a/2017/4xxx/CVE-2017-4973.json +++ b/2017/4xxx/CVE-2017-4973.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Foundry UAA", - "version" : { - "version_data" : [ - { - "version_value" : "Cloud Foundry UAA" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation in UAA" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Foundry UAA", + "version": { + "version_data": [ + { + "version_value": "Cloud Foundry UAA" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/cve-2017-4973/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/cve-2017-4973/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation in UAA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/cve-2017-4973/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/cve-2017-4973/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5274.json b/2018/5xxx/CVE-2018-5274.json index bd2f901f05b..98cfd51a146 100644 --- a/2018/5xxx/CVE-2018-5274.json +++ b/2018/5xxx/CVE-2018-5274.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024", - "refsource" : "MISC", - "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they \"have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit).\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024", + "refsource": "MISC", + "url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5810.json b/2018/5xxx/CVE-2018-5810.json index 3d444f69f32..000d5066b13 100644 --- a/2018/5xxx/CVE-2018-5810.json +++ b/2018/5xxx/CVE-2018-5810.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "ID" : "CVE-2018-5810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LibRaw", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 0.18.9" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An error within the \"rollei_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS (Denial of Service) through heap-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2018-5810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibRaw", + "version": { + "version_data": [ + { + "version_value": "Prior to 0.18.9" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" - }, - { - "name" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/" - }, - { - "name" : "USN-3838-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3838-1/" - }, - { - "name" : "81800", - "refsource" : "SECUNIA", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/81800/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An error within the \"rollei_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS (Denial of Service) through heap-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/" + }, + { + "name": "81800", + "refsource": "SECUNIA", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/81800/" + }, + { + "name": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9" + }, + { + "name": "USN-3838-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3838-1/" + } + ] + } +} \ No newline at end of file