diff --git a/2001/0xxx/CVE-2001-0160.json b/2001/0xxx/CVE-2001-0160.json index 7f681510985..d87663503ae 100644 --- a/2001/0xxx/CVE-2001-0160.json +++ b/2001/0xxx/CVE-2001-0160.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.jhu.edu/~seny/pubs/wince802.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.jhu.edu/~seny/pubs/wince802.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cs.jhu.edu/~seny/pubs/wince802.pdf", + "refsource": "MISC", + "url": "http://www.cs.jhu.edu/~seny/pubs/wince802.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0197.json b/2001/0xxx/CVE-2001-0197.json index d1d5afd6df3..d0128be4500 100644 --- a/2001/0xxx/CVE-2001-0197.json +++ b/2001/0xxx/CVE-2001-0197.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010121 [pkc] format bugs in icecast 1.3.8b2 and prior", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html" - }, - { - "name" : "CLA-2001:374", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374" - }, - { - "name" : "RHSA-2001:004", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-004.html" - }, - { - "name" : "icecast-format-string(5978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5978" - }, - { - "name" : "2264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2001:004", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-004.html" + }, + { + "name": "20010121 [pkc] format bugs in icecast 1.3.8b2 and prior", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html" + }, + { + "name": "2264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2264" + }, + { + "name": "CLA-2001:374", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374" + }, + { + "name": "icecast-format-string(5978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5978" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0407.json b/2001/0xxx/CVE-2001-0407.json index 24c481aefe4..f350a2b0681 100644 --- a/2001/0xxx/CVE-2001-0407.json +++ b/2001/0xxx/CVE-2001-0407.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010318 potential vulnerability of mysqld running with root privileges (can be used as good DoS or r00t expoloit)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0237.html" - }, - { - "name" : "20010327 MySQL 3.23.36 is relased (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0396.html" - }, - { - "name" : "mysql-dot-directory-traversal(6617)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6617" - }, - { - "name" : "2522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2522" + }, + { + "name": "20010318 potential vulnerability of mysqld running with root privileges (can be used as good DoS or r00t expoloit)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0237.html" + }, + { + "name": "20010327 MySQL 3.23.36 is relased (fwd)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0396.html" + }, + { + "name": "mysql-dot-directory-traversal(6617)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6617" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0454.json b/2001/0xxx/CVE-2001-0454.json index 38e93ca1a2a..03a984b3f57 100644 --- a/2001/0xxx/CVE-2001-0454.json +++ b/2001/0xxx/CVE-2001-0454.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... (modified dot dot) in the HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010303 SlimServe HTTPd ver. 1.1a Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0532.html" - }, - { - "name" : "slimserve-httpd-directory-traversal(6186)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... (modified dot dot) in the HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010303 SlimServe HTTPd ver. 1.1a Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0532.html" + }, + { + "name": "slimserve-httpd-directory-traversal(6186)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6186" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0995.json b/2001/0xxx/CVE-2001-0995.json index abb0acdca63..525e316dfcd 100644 --- a/2001/0xxx/CVE-2001-0995.json +++ b/2001/0xxx/CVE-2001-0995.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010826 security hole in os groupware suite PHProjekt", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/210349" - }, - { - "name" : "http://www.phprojekt.com/ChangeLog", - "refsource" : "MISC", - "url" : "http://www.phprojekt.com/ChangeLog" - }, - { - "name" : "3239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3239" - }, - { - "name" : "phprojekt-id-modify(7035)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phprojekt.com/ChangeLog", + "refsource": "MISC", + "url": "http://www.phprojekt.com/ChangeLog" + }, + { + "name": "phprojekt-id-modify(7035)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7035" + }, + { + "name": "3239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3239" + }, + { + "name": "20010826 security hole in os groupware suite PHProjekt", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/210349" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1023.json b/2001/1xxx/CVE-2001-1023.json index 7edf3742483..25cf7fd0d08 100644 --- a/2001/1xxx/CVE-2001-1023.json +++ b/2001/1xxx/CVE-2001-1023.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010921 IRM Security Advisory: Xcache Path Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0182.html" - }, - { - "name" : "xcache-path-disclosure(7159)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7159" - }, - { - "name" : "3352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xcache-path-disclosure(7159)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7159" + }, + { + "name": "3352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3352" + }, + { + "name": "20010921 IRM Security Advisory: Xcache Path Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0182.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1034.json b/2001/1xxx/CVE-2001-1034.json index ecc40ef3492..6a0972ec327 100644 --- a/2001/1xxx/CVE-2001-1034.json +++ b/2001/1xxx/CVE-2001-1034.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010923 hylafax", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/215984" - }, - { - "name" : "hylafax-hostname-format-string(7164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7164" - }, - { - "name" : "3357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hylafax-hostname-format-string(7164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7164" + }, + { + "name": "20010923 hylafax", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/215984" + }, + { + "name": "3357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3357" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1287.json b/2001/1xxx/CVE-2001-1287.json index bf8ef4fe2e8..40060de2906 100644 --- a/2001/1xxx/CVE-2001-1287.json +++ b/2001/1xxx/CVE-2001-1287.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011012 def-2001-29", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html" - }, - { - "name" : "http://www.ipswitch.com/Support/IMail/news.html", - "refsource" : "MISC", - "url" : "http://www.ipswitch.com/Support/IMail/news.html" - }, - { - "name" : "3431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011012 def-2001-29", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html" + }, + { + "name": "http://www.ipswitch.com/Support/IMail/news.html", + "refsource": "MISC", + "url": "http://www.ipswitch.com/Support/IMail/news.html" + }, + { + "name": "3431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3431" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1586.json b/2001/1xxx/CVE-2001-1586.json index b353e65867b..f5d7fe040ff 100644 --- a/2001/1xxx/CVE-2001-1586.json +++ b/2001/1xxx/CVE-2001-1586.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ (\"%2E%2E%2F%\") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010727 SimpleServer:WWW Command Execution Vulnerability Exploit Code Released", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2001/Jul/660" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/5TP0B1P4UK.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5TP0B1P4UK.html" - }, - { - "name" : "http://www.analogx.com/contents/download/network/sswww.htm", - "refsource" : "CONFIRM", - "url" : "http://www.analogx.com/contents/download/network/sswww.htm" - }, - { - "name" : "3112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3112" - }, - { - "name" : "simpleserverwww-cgibin-directory-traversal(56631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ (\"%2E%2E%2F%\") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "simpleserverwww-cgibin-directory-traversal(56631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56631" + }, + { + "name": "20010727 SimpleServer:WWW Command Execution Vulnerability Exploit Code Released", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2001/Jul/660" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5TP0B1P4UK.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5TP0B1P4UK.html" + }, + { + "name": "3112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3112" + }, + { + "name": "http://www.analogx.com/contents/download/network/sswww.htm", + "refsource": "CONFIRM", + "url": "http://www.analogx.com/contents/download/network/sswww.htm" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2146.json b/2006/2xxx/CVE-2006-2146.json index f3e513cecff..6679d7cde1b 100644 --- a/2006/2xxx/CVE-2006-2146.json +++ b/2006/2xxx/CVE-2006-2146.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://evuln.com/vulns/127/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/127/summary.html" - }, - { - "name" : "17759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17759" - }, - { - "name" : "25164", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25164" - }, - { - "name" : "1016037", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016037" - }, - { - "name" : "19896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19896" - }, - { - "name" : "hbns-index-xss(26138)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19896" + }, + { + "name": "http://evuln.com/vulns/127/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/127/summary.html" + }, + { + "name": "25164", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25164" + }, + { + "name": "hbns-index-xss(26138)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26138" + }, + { + "name": "17759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17759" + }, + { + "name": "1016037", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016037" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6374.json b/2006/6xxx/CVE-2006-6374.json index 002275e93da..da09496a775 100644 --- a/2006/6xxx/CVE-2006-6374.json +++ b/2006/6xxx/CVE-2006-6374.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061203 PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453432/100/0/threaded" - }, - { - "name" : "1993", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1993" - }, - { - "name" : "phpmyadmin-multiple-response-splitting(30703)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061203 PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453432/100/0/threaded" + }, + { + "name": "phpmyadmin-multiple-response-splitting(30703)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30703" + }, + { + "name": "1993", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1993" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6488.json b/2006/6xxx/CVE-2006-6488.json index 975f070f44b..cb2a152475f 100644 --- a/2006/6xxx/CVE-2006-6488.json +++ b/2006/6xxx/CVE-2006-6488.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2006-6488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#251969", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/251969" - }, - { - "name" : "21849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21849" - }, - { - "name" : "ADV-2007-0025", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0025" - }, - { - "name" : "32552", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32552" - }, - { - "name" : "23583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23583" - }, - { - "name" : "dialogwrapper-activex-bo(31228)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21849" + }, + { + "name": "VU#251969", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/251969" + }, + { + "name": "32552", + "refsource": "OSVDB", + "url": "http://osvdb.org/32552" + }, + { + "name": "dialogwrapper-activex-bo(31228)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31228" + }, + { + "name": "23583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23583" + }, + { + "name": "ADV-2007-0025", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0025" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5401.json b/2008/5xxx/CVE-2008-5401.json index 9f4769975f2..9dce69a6510 100644 --- a/2008/5xxx/CVE-2008-5401.json +++ b/2008/5xxx/CVE-2008-5401.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to \"AIM IMG Tag Parsing.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081205 ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498932/100/0/threaded" - }, - { - "name" : "http://blog.ceruleanstudios.com/?p=404", - "refsource" : "MISC", - "url" : "http://blog.ceruleanstudios.com/?p=404" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-077", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-077" - }, - { - "name" : "32645", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32645" - }, - { - "name" : "ADV-2008-3348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3348" - }, - { - "name" : "50472", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50472" - }, - { - "name" : "1021335", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021335" - }, - { - "name" : "33001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33001" - }, - { - "name" : "4700", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4700" - }, - { - "name" : "trillian-xmltags-bo(47093)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to \"AIM IMG Tag Parsing.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021335", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021335" + }, + { + "name": "32645", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32645" + }, + { + "name": "trillian-xmltags-bo(47093)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47093" + }, + { + "name": "50472", + "refsource": "OSVDB", + "url": "http://osvdb.org/50472" + }, + { + "name": "ADV-2008-3348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3348" + }, + { + "name": "20081205 ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498932/100/0/threaded" + }, + { + "name": "4700", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4700" + }, + { + "name": "33001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33001" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-077", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-077" + }, + { + "name": "http://blog.ceruleanstudios.com/?p=404", + "refsource": "MISC", + "url": "http://blog.ceruleanstudios.com/?p=404" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5538.json b/2008/5xxx/CVE-2008-5538.json index 7d06e0f5968..d6a5982c1ef 100644 --- a/2008/5xxx/CVE-2008-5538.json +++ b/2008/5xxx/CVE-2008-5538.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded" - }, - { - "name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded" - }, - { - "name" : "4723", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4723" - }, - { - "name" : "multiple-antivirus-mzheader-code-execution(47435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "multiple-antivirus-mzheader-code-execution(47435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" + }, + { + "name": "4723", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4723" + }, + { + "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded" + }, + { + "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5722.json b/2008/5xxx/CVE-2008-5722.json index 69ba8daeca1..0994dd4da03 100644 --- a/2008/5xxx/CVE-2008-5722.json +++ b/2008/5xxx/CVE-2008-5722.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SAWStudio 3.9i allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long SAWSTUDIO PREFERENCES STRUCT value in a .prf (preferences) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7578", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7578" - }, - { - "name" : "33011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33011" - }, - { - "name" : "51025", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51025" - }, - { - "name" : "4808", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SAWStudio 3.9i allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long SAWSTUDIO PREFERENCES STRUCT value in a .prf (preferences) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33011" + }, + { + "name": "4808", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4808" + }, + { + "name": "51025", + "refsource": "OSVDB", + "url": "http://osvdb.org/51025" + }, + { + "name": "7578", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7578" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2292.json b/2011/2xxx/CVE-2011-2292.json index 53357286109..259d4e380b8 100644 --- a/2011/2xxx/CVE-2011-2292.json +++ b/2011/2xxx/CVE-2011-2292.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50268" - }, - { - "name" : "76462", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50268" + }, + { + "name": "76462", + "refsource": "OSVDB", + "url": "http://osvdb.org/76462" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2331.json b/2011/2xxx/CVE-2011-2331.json index e11b0e496e2..2c096a24a2c 100644 --- a/2011/2xxx/CVE-2011-2331.json +++ b/2011/2xxx/CVE-2011-2331.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in an a packet that triggers a heap-based buffer overflow, possibly related to an \"recv\" field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-170/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-170/" - }, - { - "name" : "48065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48065" - }, - { - "name" : "1025583", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025583" - }, - { - "name" : "44748", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44748" - }, - { - "name" : "imc-img-bo(67738)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in an a packet that triggers a heap-based buffer overflow, possibly related to an \"recv\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44748", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44748" + }, + { + "name": "1025583", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025583" + }, + { + "name": "imc-img-bo(67738)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67738" + }, + { + "name": "48065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48065" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-170/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-170/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2421.json b/2011/2xxx/CVE-2011-2421.json index 128f4889cb7..77c2f410ef3 100644 --- a/2011/2xxx/CVE-2011-2421.json +++ b/2011/2xxx/CVE-2011-2421.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir media file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-19.html" - }, - { - "name" : "TA11-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir media file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-19.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-19.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2982.json b/2011/2xxx/CVE-2011-2982.json index 7e254bfd256..403fa5c9cbb 100644 --- a/2011/2xxx/CVE-2011-2982.json +++ b/2011/2xxx/CVE-2011-2982.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-30.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-30.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=541255", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=541255" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=615970", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=615970" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=632206", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=632206" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=643062", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=643062" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=674545", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=674545" - }, - { - "name" : "DSA-2295", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2295" - }, - { - "name" : "DSA-2296", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2296" - }, - { - "name" : "DSA-2297", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2297" - }, - { - "name" : "MDVSA-2011:127", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:127" - }, - { - "name" : "RHSA-2011:1164", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1164.html" - }, - { - "name" : "RHSA-2011:1165", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1165.html" - }, - { - "name" : "RHSA-2011:1166", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1166.html" - }, - { - "name" : "RHSA-2011:1167", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1167.html" - }, - { - "name" : "SUSE-SA:2011:037", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" - }, - { - "name" : "SUSE-SU-2011:0967", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html" - }, - { - "name" : "oval:org.mitre.oval:def:14294", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14294" - }, - { - "name" : "1025940", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:127", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:127" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-30.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-30.html" + }, + { + "name": "oval:org.mitre.oval:def:14294", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14294" + }, + { + "name": "DSA-2297", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2297" + }, + { + "name": "SUSE-SU-2011:0967", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=674545", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=674545" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=643062", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=643062" + }, + { + "name": "DSA-2296", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2296" + }, + { + "name": "RHSA-2011:1166", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1166.html" + }, + { + "name": "1025940", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025940" + }, + { + "name": "SUSE-SA:2011:037", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" + }, + { + "name": "RHSA-2011:1164", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1164.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=632206", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=632206" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=541255", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=541255" + }, + { + "name": "RHSA-2011:1165", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1165.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=615970", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=615970" + }, + { + "name": "DSA-2295", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2295" + }, + { + "name": "RHSA-2011:1167", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1167.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2996.json b/2011/2xxx/CVE-2011-2996.json index 725fba1a4bd..39beb109242 100644 --- a/2011/2xxx/CVE-2011-2996.json +++ b/2011/2xxx/CVE-2011-2996.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-36.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-36.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=555018", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=555018" - }, - { - "name" : "MDVSA-2011:139", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:139" - }, - { - "name" : "MDVSA-2011:140", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:140" - }, - { - "name" : "SUSE-SU-2011:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html" - }, - { - "name" : "oval:org.mitre.oval:def:14064", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:139", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:139" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-36.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-36.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=555018", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=555018" + }, + { + "name": "SUSE-SU-2011:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html" + }, + { + "name": "oval:org.mitre.oval:def:14064", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14064" + }, + { + "name": "MDVSA-2011:140", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:140" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3087.json b/2011/3xxx/CVE-2011-3087.json index 681dfb0727d..3fbb6d55a39 100644 --- a/2011/3xxx/CVE-2011-3087.json +++ b/2011/3xxx/CVE-2011-3087.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=118664", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=118664" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" - }, - { - "name" : "GLSA-201205-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201205-03.xml" - }, - { - "name" : "openSUSE-SU-2012:0656", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" - }, - { - "name" : "53540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53540" - }, - { - "name" : "oval:org.mitre.oval:def:15567", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15567" - }, - { - "name" : "1027067", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027067" - }, - { - "name" : "chrome-window-code-execution(75592)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201205-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201205-03.xml" + }, + { + "name": "openSUSE-SU-2012:0656", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" + }, + { + "name": "1027067", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027067" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=118664", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=118664" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" + }, + { + "name": "53540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53540" + }, + { + "name": "chrome-window-code-execution(75592)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75592" + }, + { + "name": "oval:org.mitre.oval:def:15567", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15567" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3447.json b/2011/3xxx/CVE-2011-3447.json index ec8d8d83dcf..867dda096ea 100644 --- a/2011/3xxx/CVE-2011-3447.json +++ b/2011/3xxx/CVE-2011-3447.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3877.json b/2011/3xxx/CVE-2011-3877.json index c1c4acc9a34..5333ccb605f 100644 --- a/2011/3xxx/CVE-2011-3877.json +++ b/2011/3xxx/CVE-2011-3877.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=91218", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=91218" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" - }, - { - "name" : "oval:org.mitre.oval:def:12763", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12763" - }, - { - "name" : "google-chrome-appcache-xss(70955)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12763", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12763" + }, + { + "name": "google-chrome-appcache-xss(70955)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70955" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=91218", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=91218" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3966.json b/2011/3xxx/CVE-2011-3966.json index 8c1ded46884..a49c850b204 100644 --- a/2011/3xxx/CVE-2011-3966.json +++ b/2011/3xxx/CVE-2011-3966.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=109716", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=109716" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:14944", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:14944", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14944" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=109716", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=109716" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4084.json b/2011/4xxx/CVE-2011-4084.json index f359ddbe870..45d34f14e32 100644 --- a/2011/4xxx/CVE-2011-4084.json +++ b/2011/4xxx/CVE-2011-4084.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4084", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4858. Reason: This candidate is a duplicate of CVE-2011-4858. Notes: All CVE users should reference CVE-2011-4858 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4084", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4858. Reason: This candidate is a duplicate of CVE-2011-4858. Notes: All CVE users should reference CVE-2011-4858 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4547.json b/2011/4xxx/CVE-2011-4547.json index cc3fb954bd7..6738b78fcb2 100644 --- a/2011/4xxx/CVE-2011-4547.json +++ b/2011/4xxx/CVE-2011-4547.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.dognaedis.com/vulns/DGS-SEC-9.html", - "refsource" : "MISC", - "url" : "https://www.dognaedis.com/vulns/DGS-SEC-9.html" - }, - { - "name" : "50787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50787" - }, - { - "name" : "zencart-multipleparameters-xss(71519)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zencart-multipleparameters-xss(71519)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71519" + }, + { + "name": "https://www.dognaedis.com/vulns/DGS-SEC-9.html", + "refsource": "MISC", + "url": "https://www.dognaedis.com/vulns/DGS-SEC-9.html" + }, + { + "name": "50787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50787" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4561.json b/2011/4xxx/CVE-2011-4561.json index 823234933b6..72c32eec369 100644 --- a/2011/4xxx/CVE-2011-4561.json +++ b/2011/4xxx/CVE-2011-4561.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111003 Phorum 5.2.18 Cross-site scripting vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519991/100/0/threaded" - }, - { - "name" : "http://www.rul3z.de/advisories/SSCHADV2011-023.txt", - "refsource" : "MISC", - "url" : "http://www.rul3z.de/advisories/SSCHADV2011-023.txt" - }, - { - "name" : "49920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49920" - }, - { - "name" : "76026", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76026" - }, - { - "name" : "46282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49920" + }, + { + "name": "76026", + "refsource": "OSVDB", + "url": "http://osvdb.org/76026" + }, + { + "name": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt", + "refsource": "MISC", + "url": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt" + }, + { + "name": "20111003 Phorum 5.2.18 Cross-site scripting vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519991/100/0/threaded" + }, + { + "name": "46282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46282" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0121.json b/2013/0xxx/CVE-2013-0121.json index 12e5562fc7e..4284e26fbb3 100644 --- a/2013/0xxx/CVE-2013-0121.json +++ b/2013/0xxx/CVE-2013-0121.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0121", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0121", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0668.json b/2013/0xxx/CVE-2013-0668.json index e1d3d4ab6ea..e18d31b45b7 100644 --- a/2013/0xxx/CVE-2013-0668.json +++ b/2013/0xxx/CVE-2013-0668.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-0668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf" + }, + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1213.json b/2013/1xxx/CVE-2013-1213.json index 7b0b0337c7a..b24fb69fc49 100644 --- a/2013/1xxx/CVE-2013-1213.json +++ b/2013/1xxx/CVE-2013-1213.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130528 Cisco Nexus 1000V VSM/VEM Heartbeat Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130528 Cisco Nexus 1000V VSM/VEM Heartbeat Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1213" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1488.json b/2013/1xxx/CVE-2013-1488.json index c4d7b992685..784d8974322 100644 --- a/2013/1xxx/CVE-2013-1488.json +++ b/2013/1xxx/CVE-2013-1488.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, \"improper toString calls,\" and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", - "refsource" : "MLIST", - "url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" - }, - { - "name" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", - "refsource" : "MISC", - "url" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" - }, - { - "name" : "http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/", - "refsource" : "MISC", - "url" : "http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/" - }, - { - "name" : "https://twitter.com/thezdi/status/309425888188043264", - "refsource" : "MISC", - "url" : "https://twitter.com/thezdi/status/309425888188043264" - }, - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/a19614a3dabb", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/a19614a3dabb" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=920247", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=920247" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "MDVSA-2013:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" - }, - { - "name" : "MDVSA-2013:161", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" - }, - { - "name" : "RHSA-2013:0752", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html" - }, - { - "name" : "RHSA-2013:0757", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" - }, - { - "name" : "SUSE-SU-2013:0814", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0777", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" - }, - { - "name" : "openSUSE-SU-2013:0964", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" - }, - { - "name" : "USN-1806-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1806-1" - }, - { - "name" : "TA13-107A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" - }, - { - "name" : "oval:org.mitre.oval:def:16511", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, \"improper toString calls,\" and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16511", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16511" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/a19614a3dabb", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/a19614a3dabb" + }, + { + "name": "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", + "refsource": "MLIST", + "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" + }, + { + "name": "MDVSA-2013:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" + }, + { + "name": "TA13-107A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" + }, + { + "name": "RHSA-2013:0757", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html" + }, + { + "name": "https://twitter.com/thezdi/status/309425888188043264", + "refsource": "MISC", + "url": "https://twitter.com/thezdi/status/309425888188043264" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" + }, + { + "name": "openSUSE-SU-2013:0777", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" + }, + { + "name": "MDVSA-2013:161", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" + }, + { + "name": "openSUSE-SU-2013:0964", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" + }, + { + "name": "http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/", + "refsource": "MISC", + "url": "http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/" + }, + { + "name": "RHSA-2013:0752", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html" + }, + { + "name": "USN-1806-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1806-1" + }, + { + "name": "SUSE-SU-2013:0814", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=920247", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=920247" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" + }, + { + "name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", + "refsource": "MISC", + "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1770.json b/2013/1xxx/CVE-2013-1770.json index 2d59664cdcc..2637563cdb5 100644 --- a/2013/1xxx/CVE-2013-1770.json +++ b/2013/1xxx/CVE-2013-1770.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130221 Re: CVE request: XSS flaws fixed in ganglia", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/21/12" - }, - { - "name" : "[oss-security] 20130226 Re: CVE request: XSS flaws fixed in ganglia", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/26/11" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=892823", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=892823" - }, - { - "name" : "https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6", - "refsource" : "CONFIRM", - "url" : "https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6" - }, - { - "name" : "https://github.com/ganglia/ganglia-web/issues/160", - "refsource" : "CONFIRM", - "url" : "https://github.com/ganglia/ganglia-web/issues/160" - }, - { - "name" : "52673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52673" - }, - { - "name" : "ganglia-viewsview-xss(82468)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130226 Re: CVE request: XSS flaws fixed in ganglia", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/26/11" + }, + { + "name": "https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6", + "refsource": "CONFIRM", + "url": "https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6" + }, + { + "name": "ganglia-viewsview-xss(82468)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82468" + }, + { + "name": "[oss-security] 20130221 Re: CVE request: XSS flaws fixed in ganglia", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/21/12" + }, + { + "name": "52673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52673" + }, + { + "name": "https://github.com/ganglia/ganglia-web/issues/160", + "refsource": "CONFIRM", + "url": "https://github.com/ganglia/ganglia-web/issues/160" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=892823", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892823" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1865.json b/2013/1xxx/CVE-2013-1865.json index 50ce183d714..780936be197 100644 --- a/2013/1xxx/CVE-2013-1865.json +++ b/2013/1xxx/CVE-2013-1865.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130320 [OSSA 2013-009] Keystone PKI tokens online validation bypasses revocation check (CVE-2013-1865)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/20/13" - }, - { - "name" : "https://bugs.launchpad.net/keystone/+bug/1129713", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/keystone/+bug/1129713" - }, - { - "name" : "https://review.openstack.org/#/c/24906/", - "refsource" : "CONFIRM", - "url" : "https://review.openstack.org/#/c/24906/" - }, - { - "name" : "FEDORA-2013-4590", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html" - }, - { - "name" : "RHSA-2013:0708", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0708.html" - }, - { - "name" : "openSUSE-SU-2013:0565", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html" - }, - { - "name" : "USN-1772-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1772-1" - }, - { - "name" : "58616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58616" - }, - { - "name" : "91532", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/91532" - }, - { - "name" : "52657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130320 [OSSA 2013-009] Keystone PKI tokens online validation bypasses revocation check (CVE-2013-1865)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/20/13" + }, + { + "name": "52657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52657" + }, + { + "name": "openSUSE-SU-2013:0565", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html" + }, + { + "name": "FEDORA-2013-4590", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html" + }, + { + "name": "https://bugs.launchpad.net/keystone/+bug/1129713", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/keystone/+bug/1129713" + }, + { + "name": "https://review.openstack.org/#/c/24906/", + "refsource": "CONFIRM", + "url": "https://review.openstack.org/#/c/24906/" + }, + { + "name": "58616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58616" + }, + { + "name": "USN-1772-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1772-1" + }, + { + "name": "91532", + "refsource": "OSVDB", + "url": "http://osvdb.org/91532" + }, + { + "name": "RHSA-2013:0708", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5037.json b/2013/5xxx/CVE-2013-5037.json index 5f59b34945b..a01863f4d23 100644 --- a/2013/5xxx/CVE-2013-5037.json +++ b/2013/5xxx/CVE-2013-5037.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html" - }, - { - "name" : "http://www.youtube.com/watch?v=CPlT09ZIj48", - "refsource" : "MISC", - "url" : "http://www.youtube.com/watch?v=CPlT09ZIj48" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.youtube.com/watch?v=CPlT09ZIj48", + "refsource": "MISC", + "url": "http://www.youtube.com/watch?v=CPlT09ZIj48" + }, + { + "name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5169.json b/2013/5xxx/CVE-2013-5169.json index 5054cb6dabd..5fef5eae032 100644 --- a/2013/5xxx/CVE-2013-5169.json +++ b/2013/5xxx/CVE-2013-5169.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-5169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2013-10-22-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-10-22-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5232.json b/2013/5xxx/CVE-2013-5232.json index 68f27627da6..289f52a6528 100644 --- a/2013/5xxx/CVE-2013-5232.json +++ b/2013/5xxx/CVE-2013-5232.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5232", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5232", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5498.json b/2013/5xxx/CVE-2013-5498.json index d6a355cf464..c600532589e 100644 --- a/2013/5xxx/CVE-2013-5498.json +++ b/2013/5xxx/CVE-2013-5498.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30994", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30994" - }, - { - "name" : "20130926 Cisco IOS XR Software CGSE and ISM Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5498" - }, - { - "name" : "62651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62651" - }, - { - "name" : "97777", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97777" - }, - { - "name" : "ciscoios-cve20135498-dos(87462)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97777", + "refsource": "OSVDB", + "url": "http://osvdb.org/97777" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30994", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30994" + }, + { + "name": "20130926 Cisco IOS XR Software CGSE and ISM Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5498" + }, + { + "name": "62651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62651" + }, + { + "name": "ciscoios-cve20135498-dos(87462)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87462" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5568.json b/2013/5xxx/CVE-2013-5568.json index af35bb24211..33901baa472 100644 --- a/2013/5xxx/CVE-2013-5568.json +++ b/2013/5xxx/CVE-2013-5568.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug ID CSCui33308." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31693", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31693" - }, - { - "name" : "20131108 Cisco Adaptive Security Appliance Auto-Update Reload Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug ID CSCui33308." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31693", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31693" + }, + { + "name": "20131108 Cisco Adaptive Security Appliance Auto-Update Reload Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5568" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2890.json b/2014/2xxx/CVE-2014-2890.json index c76f3697c3b..1c1ce22e90a 100644 --- a/2014/2xxx/CVE-2014-2890.json +++ b/2014/2xxx/CVE-2014-2890.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140417 CVE Request - XXS in phpMyID (openid_error)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/122" - }, - { - "name" : "[oss-security] 20140418 Re: CVE Request - XXS in phpMyID (openid_error)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/141" - }, - { - "name" : "66665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66665" + }, + { + "name": "[oss-security] 20140417 CVE Request - XXS in phpMyID (openid_error)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/122" + }, + { + "name": "[oss-security] 20140418 Re: CVE Request - XXS in phpMyID (openid_error)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/141" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2897.json b/2014/2xxx/CVE-2014-2897.json index 459feb4cfc3..92f9d091a09 100644 --- a/2014/2xxx/CVE-2014-2897.json +++ b/2014/2xxx/CVE-2014-2897.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2897", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2897", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0016.json b/2017/0xxx/CVE-2017-0016.json index 5be41e6c834..bf168c9a0bf 100644 --- a/2017/0xxx/CVE-2017-0016.json +++ b/2017/0xxx/CVE-2017-0016.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SMBv2/SMBv3", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka \"SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SMBv2/SMBv3", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0016", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0016" - }, - { - "name" : "95969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95969" - }, - { - "name" : "1038001", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038001" - }, - { - "name" : "1037767", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka \"SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95969" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0016", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0016" + }, + { + "name": "1037767", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037767" + }, + { + "name": "1038001", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038001" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0246.json b/2017/0xxx/CVE-2017-0246.json index d9e867be758..dc0949903d0 100644 --- a/2017/0xxx/CVE-2017-0246.json +++ b/2017/0xxx/CVE-2017-0246.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka \"Win32k Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0246", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0246" - }, - { - "name" : "98108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98108" - }, - { - "name" : "1038449", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka \"Win32k Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98108" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0246", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0246" + }, + { + "name": "1038449", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038449" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0500.json b/2017/0xxx/CVE-2017-0500.json index 73c2c1639cb..c4e13844d8a 100644 --- a/2017/0xxx/CVE-2017-0500.json +++ b/2017/0xxx/CVE-2017-0500.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28429685. References: M-ALPS02710006." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96726" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28429685. References: M-ALPS02710006." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96726" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0588.json b/2017/0xxx/CVE-2017-0588.json index fbcb7a8558a..c2776d025b7 100644 --- a/2017/0xxx/CVE-2017-0588.json +++ b/2017/0xxx/CVE-2017-0588.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98120" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0854.json b/2017/0xxx/CVE-2017-0854.json index d00d02eb6b2..5eed354550e 100644 --- a/2017/0xxx/CVE-2017-0854.json +++ b/2017/0xxx/CVE-2017-0854.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0963.json b/2017/0xxx/CVE-2017-0963.json index 9027eaadf45..642af87338d 100644 --- a/2017/0xxx/CVE-2017-0963.json +++ b/2017/0xxx/CVE-2017-0963.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0963", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0963", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000197.json b/2017/1000xxx/CVE-2017-1000197.json index 521c0c1a26c..ea8deb0cae7 100644 --- a/2017/1000xxx/CVE-2017-1000197.json +++ b/2017/1000xxx/CVE-2017-1000197.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.423364", - "ID" : "CVE-2017-1000197", - "REQUESTER" : "antirais@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "October CMS", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.412 (build 412)" - } - ] - } - } - ] - }, - "vendor_name" : "October CMS" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.423364", + "ID": "CVE-2017-1000197", + "REQUESTER": "antirais@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-eef90a4e3585febf6489916dc242d0ceR241", - "refsource" : "MISC", - "url" : "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-eef90a4e3585febf6489916dc242d0ceR241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-eef90a4e3585febf6489916dc242d0ceR241", + "refsource": "MISC", + "url": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-eef90a4e3585febf6489916dc242d0ceR241" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12356.json b/2017/12xxx/CVE-2017-12356.json index 12f730941c0..aa78c3d231a 100644 --- a/2017/12xxx/CVE-2017-12356.json +++ b/2017/12xxx/CVE-2017-12356.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Jabber", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Jabber" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf50378, CSCvg56018." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Jabber", + "version": { + "version_data": [ + { + "version_value": "Cisco Jabber" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber" - }, - { - "name" : "101990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101990" - }, - { - "name" : "1039914", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf50378, CSCvg56018." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101990" + }, + { + "name": "1039914", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039914" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12863.json b/2017/12xxx/CVE-2017-12863.json index df533ace879..3f86db84f17 100644 --- a/2017/12xxx/CVE-2017-12863.json +++ b/2017/12xxx/CVE-2017-12863.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html" - }, - { - "name" : "https://github.com/opencv/opencv/issues/9371", - "refsource" : "MISC", - "url" : "https://github.com/opencv/opencv/issues/9371" - }, - { - "name" : "GLSA-201712-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201712-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html" + }, + { + "name": "GLSA-201712-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-02" + }, + { + "name": "https://github.com/opencv/opencv/issues/9371", + "refsource": "MISC", + "url": "https://github.com/opencv/opencv/issues/9371" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12912.json b/2017/12xxx/CVE-2017-12912.json index f8a3bca5d31..becdcda7d20 100644 --- a/2017/12xxx/CVE-2017-12912.json +++ b/2017/12xxx/CVE-2017-12912.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"mpglibDBL/layer3.c\" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU", - "refsource" : "MISC", - "url" : "https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"mpglibDBL/layer3.c\" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU", + "refsource": "MISC", + "url": "https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16396.json b/2017/16xxx/CVE-2017-16396.json index c6bd1eef109..924bcfeb9fe 100644 --- a/2017/16xxx/CVE-2017-16396.json +++ b/2017/16xxx/CVE-2017-16396.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the TIFF processing module. Crafted input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Access with Incorrect Length Value" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "101831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101831" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the TIFF processing module. Crafted input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Access with Incorrect Length Value" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "101831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101831" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16415.json b/2017/16xxx/CVE-2017-16415.json index 12dc5512920..77e1709d1e5 100644 --- a/2017/16xxx/CVE-2017-16415.json +++ b/2017/16xxx/CVE-2017-16415.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is a part of the functionality that handles font encodings. The vulnerability is a result of out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Write" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "101812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101812" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is a part of the functionality that handles font encodings. The vulnerability is a result of out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "101812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101812" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16859.json b/2017/16xxx/CVE-2017-16859.json index 02378315b19..b92e073bb9d 100644 --- a/2017/16xxx/CVE-2017-16859.json +++ b/2017/16xxx/CVE-2017-16859.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2017-16859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fisheye and Crucible", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "4.3.2" - }, - { - "version_affected" : ">=", - "version_value" : "4.4.0" - }, - { - "version_affected" : "<", - "version_value" : "4.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2017-16859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fisheye and Crucible", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.3.2" + }, + { + "version_affected": ">=", + "version_value": "4.4.0" + }, + { + "version_affected": "<", + "version_value": "4.4.3" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8212", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CRUC-8212" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-7061", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/FE-7061" - }, - { - "name" : "104578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/CRUC-8212", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CRUC-8212" + }, + { + "name": "104578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104578" + }, + { + "name": "https://jira.atlassian.com/browse/FE-7061", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/FE-7061" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16902.json b/2017/16xxx/CVE-2017-16902.json index 6f13946a996..fa208f9f4a0 100644 --- a/2017/16xxx/CVE-2017-16902.json +++ b/2017/16xxx/CVE-2017-16902.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43164", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43164/" - }, - { - "name" : "http://gh0s7.net/vonage2", - "refsource" : "MISC", - "url" : "http://gh0s7.net/vonage2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gh0s7.net/vonage2", + "refsource": "MISC", + "url": "http://gh0s7.net/vonage2" + }, + { + "name": "43164", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43164/" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4032.json b/2017/4xxx/CVE-2017-4032.json index 968b524f16e..f0851eaef80 100644 --- a/2017/4xxx/CVE-2017-4032.json +++ b/2017/4xxx/CVE-2017-4032.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4032", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4032", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4700.json b/2017/4xxx/CVE-2017-4700.json index 99e66decf99..58e215ff067 100644 --- a/2017/4xxx/CVE-2017-4700.json +++ b/2017/4xxx/CVE-2017-4700.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4700", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4700", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4725.json b/2017/4xxx/CVE-2017-4725.json index e61e1cb805c..4233b8825d2 100644 --- a/2017/4xxx/CVE-2017-4725.json +++ b/2017/4xxx/CVE-2017-4725.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4725", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4725", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4884.json b/2017/4xxx/CVE-2017-4884.json index 620e5ac15e3..9f75c974fa2 100644 --- a/2017/4xxx/CVE-2017-4884.json +++ b/2017/4xxx/CVE-2017-4884.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4884", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4884", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5085.json b/2018/5xxx/CVE-2018-5085.json index 28eb3a1e803..a59e1cf3ee4 100644 --- a/2018/5xxx/CVE-2018-5085.json +++ b/2018/5xxx/CVE-2018-5085.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002124", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002124", + "refsource": "MISC", + "url": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002124" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5105.json b/2018/5xxx/CVE-2018-5105.json index 0aba597f327..8e7f8178317 100644 --- a/2018/5xxx/CVE-2018-5105.json +++ b/2018/5xxx/CVE-2018-5105.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "58" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "WebExtensions can save and execute files on local file system without user prompts" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "58" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1390882", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1390882" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/" - }, - { - "name" : "USN-3544-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3544-1/" - }, - { - "name" : "102786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102786" - }, - { - "name" : "1040270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "WebExtensions can save and execute files on local file system without user prompts" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040270" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1390882", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1390882" + }, + { + "name": "USN-3544-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3544-1/" + }, + { + "name": "102786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102786" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5846.json b/2018/5xxx/CVE-2018-5846.json index 012c3f5852b..f4affdf3a51 100644 --- a/2018/5xxx/CVE-2018-5846.json +++ b/2018/5xxx/CVE-2018-5846.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-05-11T00:00:00", - "ID" : "CVE-2018-5846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in IPA" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-05-11T00:00:00", + "ID": "CVE-2018-5846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in IPA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" + } + ] + } +} \ No newline at end of file