diff --git a/2001/0xxx/CVE-2001-0022.json b/2001/0xxx/CVE-2001-0022.json index f5953a72521..ac98b5d1648 100644 --- a/2001/0xxx/CVE-2001-0022.json +++ b/2001/0xxx/CVE-2001-0022.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001213 Re: Insecure input validation in simplestmail.cgi", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0168.html" - }, - { - "name" : "2106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2106" - }, - { - "name" : "http-cgi-simplestguest(5743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2106" + }, + { + "name": "20001213 Re: Insecure input validation in simplestmail.cgi", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0168.html" + }, + { + "name": "http-cgi-simplestguest(5743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5743" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0028.json b/2001/0xxx/CVE-2001-0028.json index aab79094eb8..719b4467cd1 100644 --- a/2001/0xxx/CVE-2001-0028.json +++ b/2001/0xxx/CVE-2001-0028.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of \" (quotation) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001211 [pkc] remote heap buffer overflow in oops", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html" - }, - { - "name" : "FreeBSD-SA-00:79", - "refsource" : "FREEBSD", - "url" : "http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html" - }, - { - "name" : "2099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2099" - }, - { - "name" : "oops-ftputils-bo(5725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of \" (quotation) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2099" + }, + { + "name": "FreeBSD-SA-00:79", + "refsource": "FREEBSD", + "url": "http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html" + }, + { + "name": "20001211 [pkc] remote heap buffer overflow in oops", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html" + }, + { + "name": "oops-ftputils-bo(5725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5725" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0066.json b/2001/0xxx/CVE-2001-0066.json index c16efcb80c0..1f67dbf3caa 100644 --- a/2001/0xxx/CVE-2001-0066.json +++ b/2001/0xxx/CVE-2001-0066.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001126 [MSY] S(ecure)Locate heap corruption vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0356.html" - }, - { - "name" : "DSA-005-1", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2000/20001217a" - }, - { - "name" : "MDKSA-2000:085", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-085.php3" - }, - { - "name" : "RHSA-2000:128", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-128.html" - }, - { - "name" : "CLA-2001:369", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000369" - }, - { - "name" : "TLSA2001002-1", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/pipermail/tl-security-announce/2001-February/000144.html" - }, - { - "name" : "slocate-heap-execute-code(5594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5594" - }, - { - "name" : "2004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2000:085", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-085.php3" + }, + { + "name": "slocate-heap-execute-code(5594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5594" + }, + { + "name": "TLSA2001002-1", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/pipermail/tl-security-announce/2001-February/000144.html" + }, + { + "name": "20001126 [MSY] S(ecure)Locate heap corruption vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0356.html" + }, + { + "name": "2004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2004" + }, + { + "name": "RHSA-2000:128", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-128.html" + }, + { + "name": "DSA-005-1", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2000/20001217a" + }, + { + "name": "CLA-2001:369", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000369" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0129.json b/2001/0xxx/CVE-2001-0129.json index f5f013b4982..298f52bda2c 100644 --- a/2001/0xxx/CVE-2001-0129.json +++ b/2001/0xxx/CVE-2001-0129.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010117 [pkc] remote heap overflow in tinyproxy", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97975486527750&w=2" - }, - { - "name" : "DSA-018", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-018" - }, - { - "name" : "2217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2217" - }, - { - "name" : "tinyproxy-remote-bo(5954)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tinyproxy-remote-bo(5954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5954" + }, + { + "name": "DSA-018", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-018" + }, + { + "name": "2217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2217" + }, + { + "name": "20010117 [pkc] remote heap overflow in tinyproxy", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97975486527750&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0299.json b/2001/0xxx/CVE-2001-0299.json index b44d1340c70..f28452df1d6 100644 --- a/2001/0xxx/CVE-2001-0299.json +++ b/2001/0xxx/CVE-2001-0299.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001127 Nokia firewalls", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97535202912588&w=2" - }, - { - "name" : "20001205 Nokia firewalls - Response from Nokia", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97603879517777&w=2" - }, - { - "name" : "nokia-ip440-bo(5640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5640" - }, - { - "name" : "2054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2054" - }, - { - "name" : "6020", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2054" + }, + { + "name": "6020", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6020" + }, + { + "name": "20001127 Nokia firewalls", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97535202912588&w=2" + }, + { + "name": "nokia-ip440-bo(5640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5640" + }, + { + "name": "20001205 Nokia firewalls - Response from Nokia", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97603879517777&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0303.json b/2001/0xxx/CVE-2001-0303.json index 71d438fa834..1f889ea3c87 100644 --- a/2001/0xxx/CVE-2001-0303.json +++ b/2001/0xxx/CVE-2001-0303.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010215 Vulnerabilities in Pi3Web Server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html" - }, - { - "name" : "2381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010215 Vulnerabilities in Pi3Web Server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html" + }, + { + "name": "2381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2381" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0880.json b/2001/0xxx/CVE-2001-0880.json index 19d468360ae..3ac2e2d7de8 100644 --- a/2001/0xxx/CVE-2001-0880.json +++ b/2001/0xxx/CVE-2001-0880.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0880", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0880", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1538.json b/2001/1xxx/CVE-2001-1538.json index 1547ec565bb..52af7cd97f0 100644 --- a/2001/1xxx/CVE-2001-1538.json +++ b/2001/1xxx/CVE-2001-1538.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SpeedXess HA-120 DSL router has a default administrative password of \"speedxess\", which allows remote attackers to gain access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011203 SpeedXess HASE-120 router default password", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-12/0032.html" - }, - { - "name" : "3617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3617" - }, - { - "name" : "speedxess-hase-default-password(7655)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7655.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SpeedXess HA-120 DSL router has a default administrative password of \"speedxess\", which allows remote attackers to gain access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "speedxess-hase-default-password(7655)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7655.php" + }, + { + "name": "20011203 SpeedXess HASE-120 router default password", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0032.html" + }, + { + "name": "3617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3617" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2065.json b/2006/2xxx/CVE-2006-2065.json index 6af8c3dbef2..22831bf9512 100644 --- a/2006/2xxx/CVE-2006-2065.json +++ b/2006/2xxx/CVE-2006-2065.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060420 PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431508/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/phpsurveyor_0995_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/phpsurveyor_0995_xpl.html" - }, - { - "name" : "17633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17633" - }, - { - "name" : "ADV-2006-1451", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1451" - }, - { - "name" : "24787", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24787" - }, - { - "name" : "1015970", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015970" - }, - { - "name" : "19761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19761" - }, - { - "name" : "phpsurveyor-surveyid-shell-execution(25970)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17633" + }, + { + "name": "20060420 PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431508/100/0/threaded" + }, + { + "name": "19761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19761" + }, + { + "name": "1015970", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015970" + }, + { + "name": "phpsurveyor-surveyid-shell-execution(25970)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25970" + }, + { + "name": "http://retrogod.altervista.org/phpsurveyor_0995_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/phpsurveyor_0995_xpl.html" + }, + { + "name": "24787", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24787" + }, + { + "name": "ADV-2006-1451", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1451" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2363.json b/2006/2xxx/CVE-2006-2363.json index 5c42e3376da..f6f1fef84ba 100644 --- a/2006/2xxx/CVE-2006-2363.json +++ b/2006/2xxx/CVE-2006-2363.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060507 Limbo CMS (option=weblinks) SQL injection exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433221/100/0/threaded" - }, - { - "name" : "1751", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1751" - }, - { - "name" : "http://forum.limboforge.org/index.php?topic=6.0", - "refsource" : "CONFIRM", - "url" : "http://forum.limboforge.org/index.php?topic=6.0" - }, - { - "name" : "19891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19891" - }, - { - "name" : "893", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/893" - }, - { - "name" : "limbocms-index-sql-injection(26366)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "limbocms-index-sql-injection(26366)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26366" + }, + { + "name": "19891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19891" + }, + { + "name": "1751", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1751" + }, + { + "name": "20060507 Limbo CMS (option=weblinks) SQL injection exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433221/100/0/threaded" + }, + { + "name": "893", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/893" + }, + { + "name": "http://forum.limboforge.org/index.php?topic=6.0", + "refsource": "CONFIRM", + "url": "http://forum.limboforge.org/index.php?topic=6.0" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2388.json b/2006/2xxx/CVE-2006-2388.json index 754e05070a6..be29131d4d1 100644 --- a/2006/2xxx/CVE-2006-2388.json +++ b/2006/2xxx/CVE-2006-2388.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of \"critical data offsets\" during the rebuilding process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-2388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060711 ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439786/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-022.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-022.html" - }, - { - "name" : "MS06-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037" - }, - { - "name" : "18938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18938" - }, - { - "name" : "ADV-2006-2755", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2755" - }, - { - "name" : "oval:org.mitre.oval:def:234", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A234" - }, - { - "name" : "1016472", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016472" - }, - { - "name" : "excel-cell-rebuilding-code-execution(27604)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of \"critical data offsets\" during the rebuilding process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS06-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037" + }, + { + "name": "1016472", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016472" + }, + { + "name": "18938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18938" + }, + { + "name": "20060711 ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439786/100/0/threaded" + }, + { + "name": "ADV-2006-2755", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2755" + }, + { + "name": "oval:org.mitre.oval:def:234", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A234" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-022.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-022.html" + }, + { + "name": "excel-cell-rebuilding-code-execution(27604)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27604" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2641.json b/2006/2xxx/CVE-2006-2641.json index 430f75ea2d2..b7877acf45d 100644 --- a/2006/2xxx/CVE-2006-2641.json +++ b/2006/2xxx/CVE-2006-2641.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via \"any of its input.\" NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060523 Assetman <= 2.4a XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435139/100/0/threaded" - }, - { - "name" : "18131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18131" - }, - { - "name" : "ADV-2006-2023", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2023" - }, - { - "name" : "20285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20285" - }, - { - "name" : "979", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/979" - }, - { - "name" : "assetman-multiple-xss(26702)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via \"any of its input.\" NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18131" + }, + { + "name": "ADV-2006-2023", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2023" + }, + { + "name": "20060523 Assetman <= 2.4a XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435139/100/0/threaded" + }, + { + "name": "assetman-multiple-xss(26702)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26702" + }, + { + "name": "20285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20285" + }, + { + "name": "979", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/979" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2653.json b/2006/2xxx/CVE-2006-2653.json index 39a731b09a9..0400c130843 100644 --- a/2006/2xxx/CVE-2006-2653.json +++ b/2006/2xxx/CVE-2006-2653.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060527 D-Link DSA-3100 Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435212/100/0/threaded" - }, - { - "name" : "http://www.eazel.es/media/advisory003-D-Link-DSA-3100-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://www.eazel.es/media/advisory003-D-Link-DSA-3100-Cross-Site-Scripting.html" - }, - { - "name" : "18168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18168" - }, - { - "name" : "ADV-2006-2028", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2028" - }, - { - "name" : "1016173", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016173" - }, - { - "name" : "20343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20343" - }, - { - "name" : "980", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/980" - }, - { - "name" : "dlink-airspot-uname-xss(26759)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060527 D-Link DSA-3100 Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435212/100/0/threaded" + }, + { + "name": "18168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18168" + }, + { + "name": "http://www.eazel.es/media/advisory003-D-Link-DSA-3100-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://www.eazel.es/media/advisory003-D-Link-DSA-3100-Cross-Site-Scripting.html" + }, + { + "name": "dlink-airspot-uname-xss(26759)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26759" + }, + { + "name": "ADV-2006-2028", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2028" + }, + { + "name": "20343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20343" + }, + { + "name": "1016173", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016173" + }, + { + "name": "980", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/980" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2692.json b/2006/2xxx/CVE-2006-2692.json index d8f098f877e..6951e14901e 100644 --- a/2006/2xxx/CVE-2006-2692.json +++ b/2006/2xxx/CVE-2006-2692.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.amule.org/wiki/index.php/Changelog_2.1.2", - "refsource" : "CONFIRM", - "url" : "http://www.amule.org/wiki/index.php/Changelog_2.1.2" - }, - { - "name" : "18145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18145" - }, - { - "name" : "1016188", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016188" - }, - { - "name" : "20351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18145" + }, + { + "name": "1016188", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016188" + }, + { + "name": "20351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20351" + }, + { + "name": "http://www.amule.org/wiki/index.php/Changelog_2.1.2", + "refsource": "CONFIRM", + "url": "http://www.amule.org/wiki/index.php/Changelog_2.1.2" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5283.json b/2008/5xxx/CVE-2008-5283.json index dec03e32ebb..3b1b1854134 100644 --- a/2008/5xxx/CVE-2008-5283.json +++ b/2008/5xxx/CVE-2008-5283.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a \"delall\" action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a \"delall\" action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27877" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5474.json b/2008/5xxx/CVE-2008-5474.json index 535d0815efb..0ca79fbe26a 100644 --- a/2008/5xxx/CVE-2008-5474.json +++ b/2008/5xxx/CVE-2008-5474.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5474", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-5474", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5636.json b/2008/5xxx/CVE-2008-5636.json index 3ca83f740f6..0c9650145a1 100644 --- a/2008/5xxx/CVE-2008-5636.json +++ b/2008/5xxx/CVE-2008-5636.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7294", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7294" - }, - { - "name" : "32538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32538" - }, - { - "name" : "ADV-2008-3300", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3300" - }, - { - "name" : "32910", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32910" - }, - { - "name" : "4779", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4779" - }, - { - "name" : "litolite-cate-sql-injection(46923)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4779", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4779" + }, + { + "name": "32538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32538" + }, + { + "name": "32910", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32910" + }, + { + "name": "litolite-cate-sql-injection(46923)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46923" + }, + { + "name": "7294", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7294" + }, + { + "name": "ADV-2008-3300", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3300" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5963.json b/2008/5xxx/CVE-2008-5963.json index 5371a78e279..5a1a758884d 100644 --- a/2008/5xxx/CVE-2008-5963.json +++ b/2008/5xxx/CVE-2008-5963.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7344", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7344" - }, - { - "name" : "32646", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32646" - }, - { - "name" : "32982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32982" - }, - { - "name" : "gravitygtd-rpc-command-execution(47091)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32646", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32646" + }, + { + "name": "7344", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7344" + }, + { + "name": "32982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32982" + }, + { + "name": "gravitygtd-rpc-command-execution(47091)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47091" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2091.json b/2011/2xxx/CVE-2011-2091.json index f4f4346a032..2c00168fecb 100644 --- a/2011/2xxx/CVE-2011-2091.json +++ b/2011/2xxx/CVE-2011-2091.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-14.html" - }, - { - "name" : "73050", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73050" - }, - { - "name" : "coldfusion-unspec-dos(68028)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coldfusion-unspec-dos(68028)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68028" + }, + { + "name": "73050", + "refsource": "OSVDB", + "url": "http://osvdb.org/73050" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-14.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2099.json b/2011/2xxx/CVE-2011-2099.json index 064552c9bc9..dd680844a93 100644 --- a/2011/2xxx/CVE-2011-2099.json +++ b/2011/2xxx/CVE-2011-2099.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2098." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-16.html" - }, - { - "name" : "TA11-166A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" - }, - { - "name" : "48246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48246" - }, - { - "name" : "73061", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73061" - }, - { - "name" : "oval:org.mitre.oval:def:13684", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13684" - }, - { - "name" : "1025658", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025658" - }, - { - "name" : "reader-acrobat-ce(68013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2098." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "reader-acrobat-ce(68013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68013" + }, + { + "name": "oval:org.mitre.oval:def:13684", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13684" + }, + { + "name": "48246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48246" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" + }, + { + "name": "73061", + "refsource": "OSVDB", + "url": "http://osvdb.org/73061" + }, + { + "name": "TA11-166A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" + }, + { + "name": "1025658", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025658" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2230.json b/2011/2xxx/CVE-2011-2230.json index 5635e7fa222..bcd2aa7ea91 100644 --- a/2011/2xxx/CVE-2011-2230.json +++ b/2011/2xxx/CVE-2011-2230.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2520.json b/2011/2xxx/CVE-2011-2520.json index cab466331d5..1b9a443793c 100644 --- a/2011/2xxx/CVE-2011-2520.json +++ b/2011/2xxx/CVE-2011-2520.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110718 CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/18/6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=717985", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=717985" - }, - { - "name" : "FEDORA-2011-9652", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.html" - }, - { - "name" : "RHSA-2011:0953", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0953.html" - }, - { - "name" : "48715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48715" - }, - { - "name" : "1025793", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025793" - }, - { - "name" : "45294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45294" - }, - { - "name" : "systemconfigfirewall-priv-escalation(68734)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-9652", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.html" + }, + { + "name": "systemconfigfirewall-priv-escalation(68734)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68734" + }, + { + "name": "[oss-security] 20110718 CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/18/6" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=717985", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717985" + }, + { + "name": "RHSA-2011:0953", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0953.html" + }, + { + "name": "48715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48715" + }, + { + "name": "1025793", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025793" + }, + { + "name": "45294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45294" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2940.json b/2011/2xxx/CVE-2011-2940.json index d6d7388742a..a2303c0d502 100644 --- a/2011/2xxx/CVE-2011-2940.json +++ b/2011/2xxx/CVE-2011-2940.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110819 CVE request: stunnel 4.4x heap overflow flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/19/6" - }, - { - "name" : "[oss-security] 20110819 Re: CVE request: stunnel 4.4x heap overflow flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/19/18" - }, - { - "name" : "[stunnel-announce] 20110818 stunnel 4.42 released", - "refsource" : "MLIST", - "url" : "http://www.stunnel.org/pipermail/stunnel-announce/2011-August/000059.html" - }, - { - "name" : "http://stunnel.org/?page=sdf_ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://stunnel.org/?page=sdf_ChangeLog" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=732068", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=732068" - }, - { - "name" : "49254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49254" - }, - { - "name" : "74600", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/74600" - }, - { - "name" : "1025959", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025959" - }, - { - "name" : "45705", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45705" - }, - { - "name" : "stunnel-unspecifed-code-execution(69318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110819 CVE request: stunnel 4.4x heap overflow flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/19/6" + }, + { + "name": "1025959", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025959" + }, + { + "name": "[oss-security] 20110819 Re: CVE request: stunnel 4.4x heap overflow flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/19/18" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=732068", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732068" + }, + { + "name": "http://stunnel.org/?page=sdf_ChangeLog", + "refsource": "CONFIRM", + "url": "http://stunnel.org/?page=sdf_ChangeLog" + }, + { + "name": "49254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49254" + }, + { + "name": "[stunnel-announce] 20110818 stunnel 4.42 released", + "refsource": "MLIST", + "url": "http://www.stunnel.org/pipermail/stunnel-announce/2011-August/000059.html" + }, + { + "name": "74600", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/74600" + }, + { + "name": "45705", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45705" + }, + { + "name": "stunnel-unspecifed-code-execution(69318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69318" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3194.json b/2011/3xxx/CVE-2011-3194.json index d38134f3a57..18f34a3ba10 100644 --- a/2011/3xxx/CVE-2011-3194.json +++ b/2011/3xxx/CVE-2011-3194.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120822 CVE request: libqt4: two memory issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/6" - }, - { - "name" : "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/24/8" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=637275", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=637275" - }, - { - "name" : "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465", - "refsource" : "CONFIRM", - "url" : "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465" - }, - { - "name" : "FEDORA-2011-12145", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html" - }, - { - "name" : "GLSA-201206-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-02.xml" - }, - { - "name" : "RHSA-2011:1323", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1323.html" - }, - { - "name" : "RHSA-2011:1328", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1328.html" - }, - { - "name" : "SUSE-SU-2011:1113", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/12056605" - }, - { - "name" : "openSUSE-SU-2011:1119", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" - }, - { - "name" : "openSUSE-SU-2011:1120", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" - }, - { - "name" : "USN-1504-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1504-1" - }, - { - "name" : "49724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49724" - }, - { - "name" : "75653", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/75653" - }, - { - "name" : "46128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46128" - }, - { - "name" : "46140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46140" - }, - { - "name" : "46187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46187" - }, - { - "name" : "46371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46371" - }, - { - "name" : "46410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46410" - }, - { - "name" : "49383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49383" - }, - { - "name" : "49895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49895" - }, - { - "name" : "qt-grayscale-bo(69975)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46371" + }, + { + "name": "USN-1504-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1504-1" + }, + { + "name": "46140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46140" + }, + { + "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" + }, + { + "name": "GLSA-201206-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-02.xml" + }, + { + "name": "openSUSE-SU-2011:1119", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" + }, + { + "name": "46410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46410" + }, + { + "name": "qt-grayscale-bo(69975)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69975" + }, + { + "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" + }, + { + "name": "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465", + "refsource": "CONFIRM", + "url": "https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465" + }, + { + "name": "46128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46128" + }, + { + "name": "46187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46187" + }, + { + "name": "49895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49895" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=637275", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=637275" + }, + { + "name": "49383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49383" + }, + { + "name": "49724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49724" + }, + { + "name": "FEDORA-2011-12145", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html" + }, + { + "name": "RHSA-2011:1323", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" + }, + { + "name": "SUSE-SU-2011:1113", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/12056605" + }, + { + "name": "RHSA-2011:1328", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" + }, + { + "name": "75653", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/75653" + }, + { + "name": "openSUSE-SU-2011:1120", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3539.json b/2011/3xxx/CVE-2011-3539.json index ba0efcf43dd..19c3faa560c 100644 --- a/2011/3xxx/CVE-2011-3539.json +++ b/2011/3xxx/CVE-2011-3539.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50270", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50270" - }, - { - "name" : "76473", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76473" - }, - { - "name" : "orasun-sol-zones-unspecified(70812)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "76473", + "refsource": "OSVDB", + "url": "http://osvdb.org/76473" + }, + { + "name": "50270", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50270" + }, + { + "name": "orasun-sol-zones-unspecified(70812)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70812" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3567.json b/2011/3xxx/CVE-2011-3567.json index a48fc79008b..0e0418987dc 100644 --- a/2011/3xxx/CVE-2011-3567.json +++ b/2011/3xxx/CVE-2011-3567.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3567", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-3567", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0080.json b/2013/0xxx/CVE-2013-0080.json index c530b2e5839..032e8c71e71 100644 --- a/2013/0xxx/CVE-2013-0080.json +++ b/2013/0xxx/CVE-2013-0080.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"Callback Function Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-024", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024" - }, - { - "name" : "TA13-071A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A" - }, - { - "name" : "oval:org.mitre.oval:def:16596", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"Callback Function Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-024", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024" + }, + { + "name": "TA13-071A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A" + }, + { + "name": "oval:org.mitre.oval:def:16596", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0788.json b/2013/0xxx/CVE-2013-0788.json index 382bdc315e8..18668e7967a 100644 --- a/2013/0xxx/CVE-2013-0788.json +++ b/2013/0xxx/CVE-2013-0788.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-30.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-30.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=635852", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=635852" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=771942", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=771942" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=784730", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=784730" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=813442", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=813442" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=827870", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=827870" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=834240", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=834240" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=839621", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=839621" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=840263", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=840263" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=840353", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=840353" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=852923", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=852923" - }, - { - "name" : "DSA-2699", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2699" - }, - { - "name" : "RHSA-2013:0696", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0696.html" - }, - { - "name" : "RHSA-2013:0697", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0697.html" - }, - { - "name" : "openSUSE-SU-2013:0630", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html" - }, - { - "name" : "SUSE-SU-2013:0645", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" - }, - { - "name" : "openSUSE-SU-2013:0631", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html" - }, - { - "name" : "SUSE-SU-2013:0850", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html" - }, - { - "name" : "openSUSE-SU-2013:0875", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html" - }, - { - "name" : "USN-1791-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1791-1" - }, - { - "name" : "oval:org.mitre.oval:def:16629", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=635852", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=635852" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=834240", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=834240" + }, + { + "name": "SUSE-SU-2013:0850", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html" + }, + { + "name": "USN-1791-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1791-1" + }, + { + "name": "DSA-2699", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2699" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=840353", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=840353" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=784730", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=784730" + }, + { + "name": "openSUSE-SU-2013:0630", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=813442", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=813442" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=839621", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=839621" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-30.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-30.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=827870", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=827870" + }, + { + "name": "RHSA-2013:0696", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0696.html" + }, + { + "name": "oval:org.mitre.oval:def:16629", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16629" + }, + { + "name": "openSUSE-SU-2013:0631", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=771942", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=771942" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=852923", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=852923" + }, + { + "name": "RHSA-2013:0697", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0697.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=840263", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=840263" + }, + { + "name": "SUSE-SU-2013:0645", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" + }, + { + "name": "openSUSE-SU-2013:0875", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0905.json b/2013/0xxx/CVE-2013-0905.json index 869a135b6b4..ad6b8b79729 100644 --- a/2013/0xxx/CVE-2013-0905.json +++ b/2013/0xxx/CVE-2013-0905.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=168982", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=168982" - }, - { - "name" : "oval:org.mitre.oval:def:16495", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html" + }, + { + "name": "oval:org.mitre.oval:def:16495", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16495" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=168982", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=168982" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0974.json b/2013/0xxx/CVE-2013-0974.json index 9fbfc003f6d..1ba93d022a0 100644 --- a/2013/0xxx/CVE-2013-0974.json +++ b/2013/0xxx/CVE-2013-0974.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-0974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5642", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5642" - }, - { - "name" : "APPLE-SA-2013-01-28-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html" - }, - { - "name" : "89658", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5642", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5642" + }, + { + "name": "89658", + "refsource": "OSVDB", + "url": "http://osvdb.org/89658" + }, + { + "name": "APPLE-SA-2013-01-28-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1067.json b/2013/1xxx/CVE-2013-1067.json index be07e5c34f9..0f436b408c7 100644 --- a/2013/1xxx/CVE-2013-1067.json +++ b/2013/1xxx/CVE-2013-1067.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2013-1067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-2007-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2007-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2007-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2007-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1416.json b/2013/1xxx/CVE-2013-1416.json index 4540e08720f..430a2b1f83a 100644 --- a/2013/1xxx/CVE-2013-1416.json +++ b/2013/1xxx/CVE-2013-1416.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600", - "refsource" : "CONFIRM", - "url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600" - }, - { - "name" : "https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81", - "refsource" : "CONFIRM", - "url" : "https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81" - }, - { - "name" : "FEDORA-2013-5280", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102058.html" - }, - { - "name" : "FEDORA-2013-5286", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102074.html" - }, - { - "name" : "MDVSA-2013:157", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:157" - }, - { - "name" : "MDVSA-2013:158", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:158" - }, - { - "name" : "RHSA-2013:0748", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0748.html" - }, - { - "name" : "openSUSE-SU-2013:0746", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00011.html" - }, - { - "name" : "openSUSE-SU-2013:0904", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00041.html" - }, - { - "name" : "openSUSE-SU-2013:0967", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00102.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2013:157", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:157" + }, + { + "name": "openSUSE-SU-2013:0904", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00041.html" + }, + { + "name": "MDVSA-2013:158", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:158" + }, + { + "name": "FEDORA-2013-5286", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102074.html" + }, + { + "name": "openSUSE-SU-2013:0967", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00102.html" + }, + { + "name": "openSUSE-SU-2013:0746", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00011.html" + }, + { + "name": "FEDORA-2013-5280", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102058.html" + }, + { + "name": "https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81", + "refsource": "CONFIRM", + "url": "https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81" + }, + { + "name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600", + "refsource": "CONFIRM", + "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600" + }, + { + "name": "RHSA-2013:0748", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0748.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4097.json b/2013/4xxx/CVE-2013-4097.json index 8275fe9d5d2..2661ad473e5 100644 --- a/2013/4xxx/CVE-2013-4097.json +++ b/2013/4xxx/CVE-2013-4097.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/121862/DS3-Authentication-Server-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121862/DS3-Authentication-Server-Command-Execution.html" - }, - { - "name" : "http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt", - "refsource" : "MISC", - "url" : "http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt", + "refsource": "MISC", + "url": "http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt" + }, + { + "name": "http://packetstormsecurity.com/files/121862/DS3-Authentication-Server-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121862/DS3-Authentication-Server-Command-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4507.json b/2013/4xxx/CVE-2013-4507.json index 3e9a3307adb..81dd5d2563d 100644 --- a/2013/4xxx/CVE-2013-4507.json +++ b/2013/4xxx/CVE-2013-4507.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.collectiveaccess.org/news/collectiveaccess-version-1-3-1-released", - "refsource" : "CONFIRM", - "url" : "http://www.collectiveaccess.org/news/collectiveaccess-version-1-3-1-released" - }, - { - "name" : "55481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.collectiveaccess.org/news/collectiveaccess-version-1-3-1-released", + "refsource": "CONFIRM", + "url": "http://www.collectiveaccess.org/news/collectiveaccess-version-1-3-1-released" + }, + { + "name": "55481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55481" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5095.json b/2013/5xxx/CVE-2013-5095.json index ac1f63fe2e1..c0fe4dd4386 100644 --- a/2013/5xxx/CVE-2013-5095.json +++ b/2013/5xxx/CVE-2013-5095.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka PR 884469." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/JSA10585", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/JSA10585" - }, - { - "name" : "1028923", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka PR 884469." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.juniper.net/JSA10585", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/JSA10585" + }, + { + "name": "1028923", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028923" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5204.json b/2013/5xxx/CVE-2013-5204.json index 9a9cb37ca58..101312dd34a 100644 --- a/2013/5xxx/CVE-2013-5204.json +++ b/2013/5xxx/CVE-2013-5204.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5204", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5204", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5427.json b/2013/5xxx/CVE-2013-5427.json index 5c7bde7e050..3f218503a0a 100644 --- a/2013/5xxx/CVE-2013-5427.json +++ b/2013/5xxx/CVE-2013-5427.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21663181", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21663181" - }, - { - "name" : "ibm-mdmcs-cve20135427-csrf(87536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21663181", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21663181" + }, + { + "name": "ibm-mdmcs-cve20135427-csrf(87536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87536" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2435.json b/2014/2xxx/CVE-2014-2435.json index df54a36df4b..11698788f51 100644 --- a/2014/2xxx/CVE-2014-2435.json +++ b/2014/2xxx/CVE-2014-2435.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "66853", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "66853", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66853" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2639.json b/2014/2xxx/CVE-2014-2639.json index 7b0aa85701f..824a3f09a77 100644 --- a/2014/2xxx/CVE-2014-2639.json +++ b/2014/2xxx/CVE-2014-2639.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02958", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122" - }, - { - "name" : "SSRT101301", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBST02958", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122" + }, + { + "name": "SSRT101301", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0026.json b/2017/0xxx/CVE-2017-0026.json index 20adb086557..b671fac77fa 100644 --- a/2017/0xxx/CVE-2017-0026.json +++ b/2017/0xxx/CVE-2017-0026.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Win32k", - "version" : { - "version_data" : [ - { - "version_value" : "The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Win32k", + "version": { + "version_data": [ + { + "version_value": "The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0026", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0026" - }, - { - "name" : "96032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96032" - }, - { - "name" : "1038017", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96032" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0026", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0026" + }, + { + "name": "1038017", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038017" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0775.json b/2017/0xxx/CVE-2017-0775.json index e599320d3df..c83ed1e8e5b 100644 --- a/2017/0xxx/CVE-2017-0775.json +++ b/2017/0xxx/CVE-2017-0775.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100649" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0884.json b/2017/0xxx/CVE-2017-0884.json index 2d95f1d0b31..c689e6526c4 100644 --- a/2017/0xxx/CVE-2017-0884.json +++ b/2017/0xxx/CVE-2017-0884.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server", - "version" : { - "version_data" : [ - { - "version_value" : "All versions before 9.0.55 and 10.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Nextcloud" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Permission Issues (CWE-275)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "All versions before 9.0.55 and 10.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Nextcloud" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/169680", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/169680" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-002", - "refsource" : "CONFIRM", - "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permission Issues (CWE-275)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-002", + "refsource": "CONFIRM", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-002" + }, + { + "name": "https://hackerone.com/reports/169680", + "refsource": "MISC", + "url": "https://hackerone.com/reports/169680" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000484.json b/2017/1000xxx/CVE-2017-1000484.json index 9bbf4a17a0b..dcedc9ac091 100644 --- a/2017/1000xxx/CVE-2017-1000484.json +++ b/2017/1000xxx/CVE-2017-1000484.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000484", - "REQUESTER" : "security@plone.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Plone", - "version" : { - "version_data" : [ - { - "version_value" : "2.5-5.1rc1" - } - ] - } - } - ] - }, - "vendor_name" : "Plone Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Open Redirection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000484", + "REQUESTER": "security@plone.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url", - "refsource" : "CONFIRM", - "url" : "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url", + "refsource": "CONFIRM", + "url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12423.json b/2017/12xxx/CVE-2017-12423.json index d868e490e5a..71421646c70 100644 --- a/2017/12xxx/CVE-2017-12423.json +++ b/2017/12xxx/CVE-2017-12423.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.netapp.com/support/s/article/NTAP-20170831-0002", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/s/article/NTAP-20170831-0002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.netapp.com/support/s/article/NTAP-20170831-0002", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/s/article/NTAP-20170831-0002" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12590.json b/2017/12xxx/CVE-2017-12590.json index 189d79f65ca..14a55938f47 100644 --- a/2017/12xxx/CVE-2017-12590.json +++ b/2017/12xxx/CVE-2017-12590.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the \"flag\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://iscouncil.blogspot.com/2018/03/asus-rt-n14uhp-cross-site-scripting.html", - "refsource" : "MISC", - "url" : "https://iscouncil.blogspot.com/2018/03/asus-rt-n14uhp-cross-site-scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the \"flag\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://iscouncil.blogspot.com/2018/03/asus-rt-n14uhp-cross-site-scripting.html", + "refsource": "MISC", + "url": "https://iscouncil.blogspot.com/2018/03/asus-rt-n14uhp-cross-site-scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16425.json b/2017/16xxx/CVE-2017-16425.json index 287d6d31ddf..69bcbc3507b 100644 --- a/2017/16xxx/CVE-2017-16425.json +++ b/2017/16xxx/CVE-2017-16425.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16425", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16425", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16675.json b/2017/16xxx/CVE-2017-16675.json index 8a4b4ebace0..e9659ce4df7 100644 --- a/2017/16xxx/CVE-2017-16675.json +++ b/2017/16xxx/CVE-2017-16675.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16675", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16675", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16910.json b/2017/16xxx/CVE-2017-16910.json index 3c27169030e..b044fd87889 100644 --- a/2017/16xxx/CVE-2017-16910.json +++ b/2017/16xxx/CVE-2017-16910.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "ID" : "CVE-2017-16910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LibRaw", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 0.18.6" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An error within the \"LibRaw::xtrans_interpolate()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS (Denial of Service) through invalid read memory access" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2017-16910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibRaw", + "version": { + "version_data": [ + { + "version_value": "Prior to 0.18.6" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" - }, - { - "name" : "https://github.com/LibRaw/LibRaw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19/" - }, - { - "name" : "USN-3615-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3615-1/" - }, - { - "name" : "76000", - "refsource" : "SECUNIA", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/76000/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An error within the \"LibRaw::xtrans_interpolate()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS (Denial of Service) through invalid read memory access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" + }, + { + "name": "https://github.com/LibRaw/LibRaw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/commit/5563e6ddc3f7cb93d98b491194ceebdee7288d36" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19/" + }, + { + "name": "76000", + "refsource": "SECUNIA", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/76000/" + }, + { + "name": "USN-3615-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3615-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16959.json b/2017/16xxx/CVE-2017-16959.json index 307666b3e3b..65334b6c001 100644 --- a/2017/16xxx/CVE-2017-16959.json +++ b/2017/16xxx/CVE-2017-16959.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt", - "refsource" : "MISC", - "url" : "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt", + "refsource": "MISC", + "url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4035.json b/2017/4xxx/CVE-2017-4035.json index a79507cdde5..3bd9f2988c1 100644 --- a/2017/4xxx/CVE-2017-4035.json +++ b/2017/4xxx/CVE-2017-4035.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4035", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4035", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4165.json b/2017/4xxx/CVE-2017-4165.json index 3c7dc4c5be4..cf2a8f4dfcf 100644 --- a/2017/4xxx/CVE-2017-4165.json +++ b/2017/4xxx/CVE-2017-4165.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4165", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4165", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4179.json b/2017/4xxx/CVE-2017-4179.json index 37635909aeb..0a362bad8bb 100644 --- a/2017/4xxx/CVE-2017-4179.json +++ b/2017/4xxx/CVE-2017-4179.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4179", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4179", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18598.json b/2018/18xxx/CVE-2018-18598.json index fcd1c91c380..6c80238c5e8 100644 --- a/2018/18xxx/CVE-2018-18598.json +++ b/2018/18xxx/CVE-2018-18598.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18598", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18598", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18976.json b/2018/18xxx/CVE-2018-18976.json index b4d8243d5c6..652dd6efd80 100644 --- a/2018/18xxx/CVE-2018-18976.json +++ b/2018/18xxx/CVE-2018-18976.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18976", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18976", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5080.json b/2018/5xxx/CVE-2018-5080.json index 47dd3766642..85c6d624a1e 100644 --- a/2018/5xxx/CVE-2018-5080.json +++ b/2018/5xxx/CVE-2018-5080.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x830020FC", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x830020FC" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x830020FC", + "refsource": "MISC", + "url": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x830020FC" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5415.json b/2018/5xxx/CVE-2018-5415.json index 4445a333d9f..dc1c9d40c61 100644 --- a/2018/5xxx/CVE-2018-5415.json +++ b/2018/5xxx/CVE-2018-5415.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5415", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-5415", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5826.json b/2018/5xxx/CVE-2018-5826.json index a7879635f58..7edf95d8150 100644 --- a/2018/5xxx/CVE-2018-5826.json +++ b/2018/5xxx/CVE-2018-5826.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2018-5826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2018-5826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file