From 5f0f8c341d43b89a4e1b3c2f8c9cf1522cfacadc Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 05:17:03 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2001/0xxx/CVE-2001-0076.json | 140 +++++-----
 2001/0xxx/CVE-2001-0437.json | 150 +++++------
 2001/1xxx/CVE-2001-1575.json | 140 +++++-----
 2006/2xxx/CVE-2006-2497.json | 180 ++++++-------
 2006/2xxx/CVE-2006-2748.json | 200 +++++++--------
 2006/2xxx/CVE-2006-2919.json | 180 ++++++-------
 2006/2xxx/CVE-2006-2971.json | 180 ++++++-------
 2006/2xxx/CVE-2006-2976.json | 160 ++++++------
 2006/6xxx/CVE-2006-6586.json | 140 +++++-----
 2008/5xxx/CVE-2008-5638.json | 150 +++++------
 2008/5xxx/CVE-2008-5908.json | 130 +++++-----
 2011/2xxx/CVE-2011-2260.json | 130 +++++-----
 2011/2xxx/CVE-2011-2708.json | 34 +--
 2011/2xxx/CVE-2011-2979.json | 190 +++++++-------
 2011/3xxx/CVE-2011-3184.json | 270 +++++++++----------
 2011/3xxx/CVE-2011-3348.json | 310 +++++++++++-----------
 2011/3xxx/CVE-2011-3664.json | 190 +++++++-------
 2011/3xxx/CVE-2011-3728.json | 140 +++++-----
 2013/0xxx/CVE-2013-0314.json | 150 +++++------
 2013/0xxx/CVE-2013-0324.json | 150 +++++------
 2013/0xxx/CVE-2013-0433.json | 400 ++++++++++++++---------------
 2013/0xxx/CVE-2013-0876.json | 140 +++++-----
 2013/0xxx/CVE-2013-0967.json | 120 ++++-----
 2013/1xxx/CVE-2013-1346.json | 120 ++++-----
 2013/1xxx/CVE-2013-1704.json | 140 +++++-----
 2013/1xxx/CVE-2013-1881.json | 200 +++++++--------
 2013/1xxx/CVE-2013-1903.json | 140 +++++-----
 2013/1xxx/CVE-2013-1934.json | 34 +--
 2013/4xxx/CVE-2013-4970.json | 34 +--
 2013/5xxx/CVE-2013-5420.json | 130 +++++-----
 2013/5xxx/CVE-2013-5727.json | 34 +--
 2014/2xxx/CVE-2014-2205.json | 160 ++++++------
 2014/2xxx/CVE-2014-2818.json | 160 ++++++------
 2017/0xxx/CVE-2017-0092.json | 150 +++++------
 2017/0xxx/CVE-2017-0314.json | 120 ++++-----
 2017/0xxx/CVE-2017-0834.json | 162 ++++++------
 2017/1000xxx/CVE-2017-1000240.json | 124 ++++-----
 2017/1000xxx/CVE-2017-1000249.json | 154 +++++------
 2017/1000xxx/CVE-2017-1000380.json | 230 ++++++++---------
 2017/12xxx/CVE-2017-12099.json | 142 +++++-----
 2017/12xxx/CVE-2017-12292.json | 130 +++++-----
 2017/12xxx/CVE-2017-12525.json | 142 +++++-----
 2017/16xxx/CVE-2017-16144.json | 132 +++++-----
 2017/16xxx/CVE-2017-16151.json | 132 +++++-----
 2017/16xxx/CVE-2017-16692.json | 34 +--
 2017/16xxx/CVE-2017-16729.json | 34 +--
 2017/16xxx/CVE-2017-16854.json | 140 +++++-----
 2017/4xxx/CVE-2017-4176.json | 34 +--
 2017/4xxx/CVE-2017-4549.json | 34 +--
 2017/4xxx/CVE-2017-4611.json | 34 +--
 2018/5xxx/CVE-2018-5175.json | 162 ++++++------
 2018/5xxx/CVE-2018-5410.json | 206 +++++++--------
 2018/5xxx/CVE-2018-5615.json | 34 +--
 2018/5xxx/CVE-2018-5825.json | 122 ++++-----
 54 files changed, 3789 insertions(+), 3789 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0076.json b/2001/0xxx/CVE-2001-0076.json
index 322e57ba30b..62ea0fdaa6f 100644
--- a/2001/0xxx/CVE-2001-0076.json
+++ b/2001/0xxx/CVE-2001-0076.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001228 Remote vulnerability in Ikonboard upto version 2.1.7b", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0483.html" - }, - { - "name" : "2157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2157" - }, - { - "name" : "http-cgi-ikonboard(5819)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, 
which overwrites an internal program variable that references a program to be executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2157" + }, + { + "name": "20001228 Remote vulnerability in Ikonboard upto version 2.1.7b", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0483.html" + }, + { + "name": "http-cgi-ikonboard(5819)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5819" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0437.json b/2001/0xxx/CVE-2001-0437.json index a14cda7d333..bb2c9f8777a 100644 --- a/2001/0xxx/CVE-2001-0437.json +++ b/2001/0xxx/CVE-2001-0437.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010416 qDefense Advisory: DCForum allows remote read/write/execute", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html" - }, - { - "name" : "http://www.dcscripts.com/FAQ/sec_2001_03_31.html", - "refsource" : "CONFIRM", - "url" : "http://www.dcscripts.com/FAQ/sec_2001_03_31.html" - }, - { - "name" : "2611", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2611" - }, - { - "name" : "dcforum-az-file-upload(6393)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "upload_file.pl in 
DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dcforum-az-file-upload(6393)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6393" + }, + { + "name": "http://www.dcscripts.com/FAQ/sec_2001_03_31.html", + "refsource": "CONFIRM", + "url": "http://www.dcscripts.com/FAQ/sec_2001_03_31.html" + }, + { + "name": "2611", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2611" + }, + { + "name": "20010416 qDefense Advisory: DCForum allows remote read/write/execute", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1575.json b/2001/1xxx/CVE-2001-1575.json index 76451283ccd..33d3117bb02 100644 --- a/2001/1xxx/CVE-2001-1575.json +++ b/2001/1xxx/CVE-2001-1575.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010628 MacOS Personal Wed Sharing DoS", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00409.html" - }, - { - "name" : "2945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2945" - }, - { - "name" : "macos-personal-web-sharing-dos(6759)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of 
service via a long password, possibly due to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2945" + }, + { + "name": "20010628 MacOS Personal Wed Sharing DoS", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00409.html" + }, + { + "name": "macos-personal-web-sharing-dos(6759)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6759" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2497.json b/2006/2xxx/CVE-2006-2497.json index ff94fd9f40f..b4b276ac89b 100644 --- a/2006/2xxx/CVE-2006-2497.json +++ b/2006/2xxx/CVE-2006-2497.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060518 AspBB Forum \"profile.asp & default.asp\" XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434370/100/0/threaded" - }, - { - "name" : "18025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18025" - }, - { - "name" : "25650", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25650" - }, - { - "name" : "25651", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25651" - }, - { - "name" : "20175", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20175" - }, - { - "name" : "926", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/926" - }, - { - "name" : 
"aspbb-profile-default-xss(26530)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25650", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25650" + }, + { + "name": "926", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/926" + }, + { + "name": "18025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18025" + }, + { + "name": "20060518 AspBB Forum \"profile.asp & default.asp\" XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434370/100/0/threaded" + }, + { + "name": "25651", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25651" + }, + { + "name": "20175", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20175" + }, + { + "name": "aspbb-profile-default-xss(26530)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26530" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2748.json b/2006/2xxx/CVE-2006-2748.json index 8ab7f6fddec..d77c0ac79c4 100644 --- a/2006/2xxx/CVE-2006-2748.json +++ b/2006/2xxx/CVE-2006-2748.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435380/100/0/threaded" - }, - { - "name" : "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631", - "refsource" : "MISC", - "url" : "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631" - }, - { - "name" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt", - "refsource" : "MISC", - "url" : 
"http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=576483", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=576483" - }, - { - "name" : "18169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18169" - }, - { - "name" : "1016178", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016178" - }, - { - "name" : "20341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20341" - }, - { - "name" : "1014", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1014" - }, - { - "name" : "osic-adminfunctions-editcatalogue-sql-inj(26968)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=576483", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=576483" + }, + { + "name": "osic-adminfunctions-editcatalogue-sql-inj(26968)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26968" + }, + { + "name": "20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435380/100/0/threaded" + }, + { + "name": "20341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20341" + }, + { + "name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt", + "refsource": "MISC", + "url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt" + }, + { + "name": "1016178", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016178" + }, + { + "name": "1014", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1014" + }, + { + "name": "18169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18169" + }, + { + "name": "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631", + "refsource": "MISC", + "url": "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2919.json b/2006/2xxx/CVE-2006-2919.json index f5b69cad515..ca410086755 100644 --- a/2006/2xxx/CVE-2006-2919.json +++ b/2006/2xxx/CVE-2006-2919.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060607 [HV-LOW] Microsoft NetMeeting memory corruption (Brief)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436285/100/0/threaded" - }, - { - "name" : "20060607 [HV-LOW] Microsoft NetMeeting memory corruption (Brief)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046636.html" - }, - { - "name" : "http://www.hexview.com/docs/20060606-1.txt", - "refsource" : "MISC", - "url" : "http://www.hexview.com/docs/20060606-1.txt" - }, - { - "name" : "18311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18311" - }, - { - "name" : "1016238", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1016238" - }, - { - "name" : "20477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20477" - }, - { - "name" : "netmeeting-memory-corruption-dos(26971)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netmeeting-memory-corruption-dos(26971)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26971" + }, + { + "name": "http://www.hexview.com/docs/20060606-1.txt", + "refsource": "MISC", + "url": "http://www.hexview.com/docs/20060606-1.txt" + }, + { + "name": "18311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18311" + }, + { + "name": "1016238", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016238" + }, + { + "name": "20060607 [HV-LOW] Microsoft NetMeeting memory corruption (Brief)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436285/100/0/threaded" + }, + { + "name": "20477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20477" + }, + { + "name": "20060607 [HV-LOW] Microsoft NetMeeting memory corruption (Brief)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046636.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/2xxx/CVE-2006-2971.json b/2006/2xxx/CVE-2006-2971.json
index 7d277101f20..7ea40e5ba86 100644
--- a/2006/2xxx/CVE-2006-2971.json
+++ b/2006/2xxx/CVE-2006-2971.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060609 0verkill 0.6, Remote integer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436659/100/0/threaded" - }, - { - "name" : "18353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18353" - }, - { - "name" : "ADV-2006-2245", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2245" - }, - { - "name" : "26029", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26029" - }, - { - "name" : "20551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20551" - }, - { - "name" : "1090", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1090" - }, - { - 
"name" : "overkill-recvpacket-integer-underflow(27028)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18353" + }, + { + "name": "26029", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26029" + }, + { + "name": "1090", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1090" + }, + { + "name": "20060609 0verkill 0.6, Remote integer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436659/100/0/threaded" + }, + { + "name": "ADV-2006-2245", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2245" + }, + { + "name": "overkill-recvpacket-integer-underflow(27028)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27028" + }, + { + "name": "20551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20551" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2976.json b/2006/2xxx/CVE-2006-2976.json index c1aa743b7b6..5366dd91401 100644 --- a/2006/2xxx/CVE-2006-2976.json +++ b/2006/2xxx/CVE-2006-2976.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://coppermine-gallery.net/forum/index.php?topic=32333.0", - "refsource" : "CONFIRM", - "url" : "http://coppermine-gallery.net/forum/index.php?topic=32333.0" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658" - }, - { - "name" : "ADV-2006-2185", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2185" - }, - { - "name" : "20465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20465" - }, - { - "name" : "coppermine-usermgr-unspecified(26983)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2185", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2185" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658" + }, + { + "name": "20465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20465" + }, + { + "name": "http://coppermine-gallery.net/forum/index.php?topic=32333.0", + "refsource": "CONFIRM", + "url": "http://coppermine-gallery.net/forum/index.php?topic=32333.0" + }, + { + "name": "coppermine-usermgr-unspecified(26983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26983" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6586.json b/2006/6xxx/CVE-2006-6586.json index 41d3782e025..8e135b8203e 100644 --- a/2006/6xxx/CVE-2006-6586.json +++ b/2006/6xxx/CVE-2006-6586.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2740", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2740" - }, - { - "name" : "1017204", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017204" - }, - { - "name" : "vblog-cfgprogdir-file-include(30094)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL 
in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2740", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2740" + }, + { + "name": "vblog-cfgprogdir-file-include(30094)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30094" + }, + { + "name": "1017204", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017204" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5638.json b/2008/5xxx/CVE-2008-5638.json index ff82ffe19a1..9233fef89f0 100644 --- a/2008/5xxx/CVE-2008-5638.json +++ b/2008/5xxx/CVE-2008-5638.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7300", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7300" - }, - { - "name" : "32896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32896" - }, - { - "name" : "4768", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4768" - }, - { - "name" : "activeprice-reviews-sql-injection(46908)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow 
remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32896" + }, + { + "name": "7300", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7300" + }, + { + "name": "4768", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4768" + }, + { + "name": "activeprice-reviews-sql-injection(46908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46908" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5908.json b/2008/5xxx/CVE-2008-5908.json index 10e034e51f4..afd45c39e8b 100644 --- a/2008/5xxx/CVE-2008-5908.json +++ b/2008/5xxx/CVE-2008-5908.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the root/boot archive tool in Sun OpenSolaris has unknown impact and local attack vectors, related to a \"Temporary file vulnerability,\" aka Bug ID 6653455." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://opensolaris.org/os/bug_reports/request_sponsor/", - "refsource" : "MISC", - "url" : "http://opensolaris.org/os/bug_reports/request_sponsor/" - }, - { - "name" : "opensolaris-root-boot-unspecified(48146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the root/boot archive tool in Sun OpenSolaris has unknown impact and local attack vectors, related to a \"Temporary file vulnerability,\" aka Bug ID 6653455." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://opensolaris.org/os/bug_reports/request_sponsor/", + "refsource": "MISC", + "url": "http://opensolaris.org/os/bug_reports/request_sponsor/" + }, + { + "name": "opensolaris-root-boot-unspecified(48146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48146" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2260.json b/2011/2xxx/CVE-2011-2260.json index bf630a8d5f9..f8d2c59e5f7 100644 --- a/2011/2xxx/CVE-2011-2260.json +++ b/2011/2xxx/CVE-2011-2260.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2708.json b/2011/2xxx/CVE-2011-2708.json index 257b4e3d782..904d69bdd5b 100644 --- a/2011/2xxx/CVE-2011-2708.json +++ b/2011/2xxx/CVE-2011-2708.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2708", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2710. Reason: This candidate is a duplicate of CVE-2011-2710. Notes: All CVE users should reference CVE-2011-2710 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-2708", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2710. Reason: This candidate is a duplicate of CVE-2011-2710. Notes: All CVE users should reference CVE-2011-2710 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file 
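Review bot: In the CVE-2011-2260.json hunk the new side changes `"ASSIGNER"` from `cve@mitre.org` to `secalert_us@oracle.com`, the one value change in a hunk that otherwise appears only to normalize `" : "` to `": "` and reorder `reference_data`. The hunks for CVE-2011-3184.json and CVE-2011-3348.json do the same with `secalert@redhat.com`. Because every line of each file is rewritten, a textual diff buries this provenance change, and the subject "-Synchronized-Data." does not mention it. Whether the reassignment is intended cannot be told from the diff, so it would be better carried in a commit separate from the formatting pass, or at least named in the commit message. Consumers that attribute or filter records by `ASSIGNER` should compare the parsed JSON rather than the text when ingesting this sync.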
diff --git a/2011/2xxx/CVE-2011-2979.json b/2011/2xxx/CVE-2011-2979.json index 34537e6c03a..409d189a8b2 100644 --- a/2011/2xxx/CVE-2011-2979.json +++ b/2011/2xxx/CVE-2011-2979.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.4.11/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.4.11/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=674497", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=674497" - }, - { - "name" : "DSA-2322", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2322" - }, - { - "name" : "49042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49042" - }, - { - "name" : "74298", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/74298" - }, - { - "name" : 
"74299", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/74299" - }, - { - "name" : "45501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45501" - }, - { - "name" : "bugzilla-queries-info-disclosure(69166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74298", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/74298" + }, + { + "name": "bugzilla-queries-info-disclosure(69166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69166" + }, + { + "name": "45501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45501" + }, + { + "name": "http://www.bugzilla.org/security/3.4.11/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.4.11/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=674497", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=674497" + }, + { + "name": "74299", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/74299" + }, + { + "name": "DSA-2322", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2322" + }, + { + "name": "49042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49042" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/3xxx/CVE-2011-3184.json b/2011/3xxx/CVE-2011-3184.json index cd60d2cbc9b..8beb10fd047 100644 --- a/2011/3xxx/CVE-2011-3184.json +++ b/2011/3xxx/CVE-2011-3184.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110822 Re: CVE request: Pidgin crash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/4" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: Pidgin crash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/7" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: Pidgin crash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/10" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: Pidgin crash", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2011/08/22/12" - }, - { - "name" : "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c", - "refsource" : "CONFIRM", - "url" : "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c" - }, - { - "name" : "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1", - "refsource" : "CONFIRM", - "url" : "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1" - }, - { - "name" : "http://pidgin.im/news/security/?id=54", - "refsource" : "CONFIRM", - "url" : "http://pidgin.im/news/security/?id=54" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=732405", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=732405" - }, - { - "name" : "FEDORA-2011-11544", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html" - }, - { - "name" : "FEDORA-2011-11595", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html" - }, - { - "name" : "49268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49268" - }, - { - "name" : "oval:org.mitre.oval:def:18284", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284" - }, - { - "name" : "1025961", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025961" - }, - { - "name" : "45663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45663" - }, - { - "name" : "45916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45916" - }, - { - "name" : "pidgin-msn-protocol-dos(69341)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-11544", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/10" + }, + { + "name": "oval:org.mitre.oval:def:18284", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284" + }, + { + "name": "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c" + }, + { + "name": "pidgin-msn-protocol-dos(69341)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69341" + }, + { + "name": "http://pidgin.im/news/security/?id=54", + "refsource": "CONFIRM", + "url": "http://pidgin.im/news/security/?id=54" + }, + { + "name": "45663", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/45663" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/4" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/7" + }, + { + "name": "FEDORA-2011-11595", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html" + }, + { + "name": "45916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45916" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/12" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=732405", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732405" + }, + { + "name": "49268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49268" + }, + { + "name": "1025961", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025961" + }, + { + "name": "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3348.json b/2011/3xxx/CVE-2011-3348.json index b32efe735e1..fe146e4291f 100644 --- a/2011/3xxx/CVE-2011-3348.json +++ b/2011/3xxx/CVE-2011-3348.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary \"error state\" in the backend server) via a malformed HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://community.jboss.org/message/625307", - "refsource" : "MISC", - "url" : "http://community.jboss.org/message/625307" - }, - { - "name" : "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21" - }, - { - "name" : "http://www.apache.org/dist/httpd/Announcement2.2.html", - "refsource" : "CONFIRM", - "url" : "http://www.apache.org/dist/httpd/Announcement2.2.html" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "HPSBUX02707", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131731002122529&w=2" - }, - { - "name" : "SSRT100626", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131731002122529&w=2" - }, - { - "name" : "HPSBMU02704", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132033751509019&w=2" - }, - { - "name" : "SSRT100619", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132033751509019&w=2" - }, - { - "name" : "MDVSA-2011:168", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:168" - }, - { - "name" : "RHSA-2011:1391", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1391.html" - }, - { - "name" : "RHSA-2012:0542", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0542.html" - }, - { - "name" : "RHSA-2012:0543", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0543.html" - }, - { - "name" : "49616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49616" - }, - { - "name" : "oval:org.mitre.oval:def:14941", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14941" - }, - { - "name" : "oval:org.mitre.oval:def:18154", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18154" - }, - { - "name" : "1026054", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026054" - }, - { - "name" : "46013", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/46013" - }, - { - "name" : "apache-modproxyajp-dos(69804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary \"error state\" in the backend server) via a malformed HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX02707", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131731002122529&w=2" + }, + { + "name": "apache-modproxyajp-dos(69804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69804" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "RHSA-2011:1391", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1391.html" + }, + { + "name": "oval:org.mitre.oval:def:14941", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14941" + }, + { + "name": "RHSA-2012:0543", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html" + }, + { + "name": "SSRT100619", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132033751509019&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" + }, + { + "name": "MDVSA-2011:168", + "refsource": "MANDRIVA", + 
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:168" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "http://community.jboss.org/message/625307", + "refsource": "MISC", + "url": "http://community.jboss.org/message/625307" + }, + { + "name": "49616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49616" + }, + { + "name": "RHSA-2012:0542", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html" + }, + { + "name": "http://www.apache.org/dist/httpd/Announcement2.2.html", + "refsource": "CONFIRM", + "url": "http://www.apache.org/dist/httpd/Announcement2.2.html" + }, + { + "name": "SSRT100626", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131731002122529&w=2" + }, + { + "name": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21" + }, + { + "name": "1026054", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026054" + }, + { + "name": "HPSBMU02704", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132033751509019&w=2" + }, + { + "name": "oval:org.mitre.oval:def:18154", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18154" + }, + { + "name": "46013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46013" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3664.json b/2011/3xxx/CVE-2011-3664.json index 9168c952e81..74ce97f9106 100644 --- a/2011/3xxx/CVE-2011-3664.json +++ b/2011/3xxx/CVE-2011-3664.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-57.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-57.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=649079", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=649079" - }, - { - "name" : "oval:org.mitre.oval:def:14574", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14574" - }, - { - "name" : "1026445", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1026445" - }, - { - "name" : "1026446", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026446" - }, - { - "name" : "1026447", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026447" - }, - { - "name" : "47302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47302" - }, - { - "name" : "47334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=649079", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=649079" + }, + { + "name": "47334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47334" + }, + { + "name": "1026447", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026447" + }, + { + "name": "1026446", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026446" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-57.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-57.html" + }, + { + "name": "1026445", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026445" + }, + { + "name": "oval:org.mitre.oval:def:14574", + 
"refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14574" + }, + { + "name": "47302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47302" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3728.json b/2011/3xxx/CVE-2011-3728.json index d04f6dcb0ee..d5b0ac796f0 100644 --- a/2011/3xxx/CVE-2011-3728.json +++ b/2011/3xxx/CVE-2011-3728.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Dolphin-7.0.4", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Dolphin-7.0.4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Dolphin-7.0.4", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Dolphin-7.0.4" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0314.json b/2013/0xxx/CVE-2013-0314.json index d8aea5819c9..650ad0b109f 100644 --- a/2013/0xxx/CVE-2013-0314.json +++ b/2013/0xxx/CVE-2013-0314.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=913327", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=913327" - }, - { - "name" : "RHSA-2013:0613", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0613.html" - }, - { - "name" : "91120", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/91120" - }, - { - "name" : "52552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GateIn Portal 
export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=913327", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913327" + }, + { + "name": "52552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52552" + }, + { + "name": "91120", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/91120" + }, + { + "name": "RHSA-2013:0613", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0613.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0324.json b/2013/0xxx/CVE-2013-0324.json index f8c56ee410c..6b9fc8a7b43 100644 --- a/2013/0xxx/CVE-2013-0324.json +++ b/2013/0xxx/CVE-2013-0324.json 
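Review bot: The only semantic edit in this hunk, `"ASSIGNER": "secalert@redhat.com"` replacing `"ASSIGNER" : "cve@mitre.org"` in `CVE_data_meta`, is easy to miss because the same hunk rewrites the whole file: every key is respaced and the `reference_data` entries are reordered. The hunks for CVE-2013-0324, CVE-2013-0433, CVE-2013-0876, CVE-2013-0967 and CVE-2013-1346 change `ASSIGNER` in the same way, while CVE-2011-3664 and CVE-2011-3728 keep `cve@mitre.org`. The subject line "-Synchronized-Data." does not mention the reassignment. Landing the assigner change separately from the reformatting, or naming it in the commit message, would let consumers that attribute or filter records by assigner spot it; until then they should compare parsed JSON and treat `reference_data` as an unordered set. The new side also ends without a trailing newline (`\ No newline at end of file`); keeping the final newline would stop that marker from recurring in later diffs.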
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the \"Administer menus and menu items\" permission to inject arbitrary web script or HTML via the menu link title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/21/5" - }, - { - "name" : "http://drupal.org/node/1922446", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1922446" - }, - { - "name" : "http://drupal.org/node/1922434", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1922434" - }, - { - "name" : "http://drupalcode.org/project/menu_reference.git/commitdiff/7e7367d", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/menu_reference.git/commitdiff/7e7367d" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the \"Administer menus and menu items\" permission to inject arbitrary web script or HTML via the menu link title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1922446", + "refsource": "MISC", + "url": "http://drupal.org/node/1922446" + }, + { + "name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5" + }, + { + "name": "http://drupalcode.org/project/menu_reference.git/commitdiff/7e7367d", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/menu_reference.git/commitdiff/7e7367d" + }, + { + "name": "http://drupal.org/node/1922434", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1922434" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0433.json b/2013/0xxx/CVE-2013-0433.json index 13eb45447aa..d570428b75b 100644 --- a/2013/0xxx/CVE-2013-0433.json +++ b/2013/0xxx/CVE-2013-0433.json 
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=907456", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=907456" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02864", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "SSRT101156", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "MDVSA-2013:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" - }, - { - "name" : "RHSA-2013:0236", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" - }, - { - "name" : "RHSA-2013:0237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "RHSA-2013:0245", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0245.html" - }, - { - "name" : "RHSA-2013:0246", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0246.html" - }, - { - "name" : "RHSA-2013:0247", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "openSUSE-SU-2013:0312", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" - }, - { - "name" : "openSUSE-SU-2013:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "57719", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57719" - }, - { - "name" : "oval:org.mitre.oval:def:16537", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16537" - }, - { - "name" : "oval:org.mitre.oval:def:19405", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19405" - }, - { - "name" : "oval:org.mitre.oval:def:19459", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19459" - }, - { - "name" : "oval:org.mitre.oval:def:19468", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "oval:org.mitre.oval:def:16537", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16537" + }, + { + "name": "oval:org.mitre.oval:def:19459", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19459" + }, + { + "name": "MDVSA-2013:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" + }, + { + "name": "SSRT101156", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8" + }, + { + "name": "RHSA-2013:0236", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "RHSA-2013:0247", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html" + }, + { + "name": "HPSBMU02874", + 
"refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19405", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19405" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "openSUSE-SU-2013:0312", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" + }, + { + "name": "openSUSE-SU-2013:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" + }, + { + "name": "57719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57719" + }, + { + "name": "RHSA-2013:0246", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0246.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "HPSBUX02864", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "RHSA-2013:0245", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0245.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" + }, + { + "name": "oval:org.mitre.oval:def:19468", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19468" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { 
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=907456", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907456" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0876.json b/2013/0xxx/CVE-2013-0876.json index 8d51614297c..0ccfa870854 100644 --- a/2013/0xxx/CVE-2013-0876.json +++ b/2013/0xxx/CVE-2013-0876.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1" + }, + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0967.json b/2013/0xxx/CVE-2013-0967.json index e89edb4bc8a..71a3df23e43 100644 --- a/2013/0xxx/CVE-2013-0967.json +++ b/2013/0xxx/CVE-2013-0967.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-0967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2013-03-14-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-03-14-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1346.json b/2013/1xxx/CVE-2013-1346.json index 8c1dd3891f3..4080e3d95fd 100644 --- a/2013/1xxx/CVE-2013-1346.json +++ b/2013/1xxx/CVE-2013-1346.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://technet.microsoft.com/security/advisory/2846338", - "refsource" : "CONFIRM", - "url" : "http://technet.microsoft.com/security/advisory/2846338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://technet.microsoft.com/security/advisory/2846338", + "refsource": "CONFIRM", + "url": "http://technet.microsoft.com/security/advisory/2846338" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1704.json b/2013/1xxx/CVE-2013-1704.json index e67c973cb82..b85d5191f3e 100644 --- a/2013/1xxx/CVE-2013-1704.json +++ b/2013/1xxx/CVE-2013-1704.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-64.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-64.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=883313", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=883313" - }, - { - "name" : "oval:org.mitre.oval:def:18945", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=883313", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=883313" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-64.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-64.html" + }, + { + "name": "oval:org.mitre.oval:def:18945", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18945" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1881.json b/2013/1xxx/CVE-2013-1881.json index f5eaa11800f..e677ac639dc 100644 --- a/2013/1xxx/CVE-2013-1881.json +++ b/2013/1xxx/CVE-2013-1881.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://en.securitylab.ru/lab/PT-2013-01", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/lab/PT-2013-01" - }, - { - "name" : "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes", - "refsource" : "CONFIRM", - "url" : "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=691708", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=691708" - }, - { - "name" : "RHSA-2014:0127", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0127.html" - }, - { - "name" : "openSUSE-SU-2013:1786", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html" - }, - { - "name" : "SUSE-SU-2015:1785", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html" - }, - { - "name" : "USN-2149-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2149-1" - }, - { - "name" : "USN-2149-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2149-2" - }, - { - "name" : "55088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes", + "refsource": "CONFIRM", + "url": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=691708", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=691708" + }, + { + "name": "55088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55088" + }, + { + "name": "USN-2149-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2149-1" + }, + { + "name": "RHSA-2014:0127", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0127.html" + }, + { + "name": "http://en.securitylab.ru/lab/PT-2013-01", + "refsource": "MISC", + "url": "http://en.securitylab.ru/lab/PT-2013-01" + }, + { + "name": "openSUSE-SU-2013:1786", + 
"refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html" + }, + { + "name": "SUSE-SU-2015:1785", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html" + }, + { + "name": "USN-2149-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2149-2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1903.json b/2013/1xxx/CVE-2013-1903.json index 5d80edc63f3..2b636fca8d8 100644 --- a/2013/1xxx/CVE-2013-1903.json +++ b/2013/1xxx/CVE-2013-1903.json 
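Review bot: The description value in CVE-2013-1881.json names the product as "GNOME libsvg", while both CONFIRM references in the same record point at librsvg (`librsvg-2.39.0.changes` and the bugzilla.gnome.org entry), so the description most likely carries a typo that this sync leaves in place. Because `product_name` and `vendor_name` are both `"n/a"`, the description is the only product hint in the record, and anyone matching on "librsvg" will miss it. If the references are right, the value should begin `"GNOME librsvg before 2.39.0 allows remote attackers to read arbitrary files ..."`.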
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to \"graphical installers for Linux and Mac OS X,\" which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.postgresql.org/about/news/1456/", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news/1456/" - }, - { - "name" : "http://www.postgresql.org/support/security/", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/support/security/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to \"graphical installers for Linux and Mac OS X,\" which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.postgresql.org/about/news/1456/", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news/1456/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "http://www.postgresql.org/support/security/", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/support/security/" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1934.json b/2013/1xxx/CVE-2013-1934.json index 4ad2b03a276..3b39b64319a 100644 --- a/2013/1xxx/CVE-2013-1934.json +++ b/2013/1xxx/CVE-2013-1934.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1934", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1934", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4970.json b/2013/4xxx/CVE-2013-4970.json index acdeb222f95..deabf1ca5c5 100644 --- a/2013/4xxx/CVE-2013-4970.json +++ b/2013/4xxx/CVE-2013-4970.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4970", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4970", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5420.json b/2013/5xxx/CVE-2013-5420.json index 43766a13c2d..97a22decba1 100644 --- a/2013/5xxx/CVE-2013-5420.json +++ b/2013/5xxx/CVE-2013-5420.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660211", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660211" - }, - { - "name" : "ibm-sam-cve20135420-info-disc(87482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sam-cve20135420-info-disc(87482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87482" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660211", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660211" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5727.json b/2013/5xxx/CVE-2013-5727.json index c516908912f..a5e3851d773 100644 --- a/2013/5xxx/CVE-2013-5727.json +++ b/2013/5xxx/CVE-2013-5727.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5727", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5727", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2205.json b/2014/2xxx/CVE-2014-2205.json index 1ca80e180b5..2ff15e9984c 100644 --- a/2014/2xxx/CVE-2014-2205.json +++ b/2014/2xxx/CVE-2014-2205.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140225 [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531255/100/0/threaded" - }, - { - "name" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt", - "refsource" : "MISC", - "url" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10065", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10065" - }, - { - "name" : "65771", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/65771" - }, - { - "name" : "57114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57114" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10065", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10065" + }, + { + "name": "20140225 [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531255/100/0/threaded" + }, + { + "name": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt", + "refsource": "MISC", + "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt" + }, + { + "name": "65771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65771" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2818.json b/2014/2xxx/CVE-2014-2818.json index a0a3eb5080e..9de82405b04 100644 --- a/2014/2xxx/CVE-2014-2818.json +++ b/2014/2xxx/CVE-2014-2818.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69115" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - }, - { - "name" : "ms-ie-cve20142818-code-exec(94975)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "ms-ie-cve20142818-code-exec(94975)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94975" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "69115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69115" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0092.json b/2017/0xxx/CVE-2017-0092.json index 1f5787582b8..583c90d04b6 100644 --- a/2017/0xxx/CVE-2017-0092.json +++ b/2017/0xxx/CVE-2017-0092.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Uniscribe", - "version" : { - "version_data" : [ - { - "version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Uniscribe", + "version": { + "version_data": [ + { + "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41655", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41655/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092" - }, - { - "name" : "96676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96676" - }, - { - "name" : "1037992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037992" + }, + { + "name": "96676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96676" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092" + }, + { + "name": "41655", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41655/" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0314.json b/2017/0xxx/CVE-2017-0314.json index a20d86babfe..ce9cde23a23 100644 --- a/2017/0xxx/CVE-2017-0314.json +++ b/2017/0xxx/CVE-2017-0314.json 
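Review bot: The description value in CVE-2017-0092.json ends with a bare list of identifiers ("CVE-2017-0085, CVE-2017-0091, ... and CVE-2017-0128.") that follows the aka sentence without any connecting words, so the record does not say how those CVEs relate to this one. A reader cannot tell whether they are duplicates, related issues or distinct vulnerabilities, which matters when deduplicating findings or tracking patches. The list presumably lost a lead-in such as `This vulnerability is different from those described in`, and the sync carries the fragment over unchanged; it should be restored at the source.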
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of 
the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0834.json b/2017/0xxx/CVE-2017-0834.json index e99b00fc8dd..d0c3792aabf 100644 --- a/2017/0xxx/CVE-2017-0834.json +++ b/2017/0xxx/CVE-2017-0834.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-11-01" - }, - { - "name" : "101717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-11-01" + }, + { + "name": "101717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101717" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000240.json b/2017/1000xxx/CVE-2017-1000240.json index 272c7464b8f..f9f029e22a0 100644 --- a/2017/1000xxx/CVE-2017-1000240.json +++ b/2017/1000xxx/CVE-2017-1000240.json 
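Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `security@google.com` to `security@android.com` in a hunk whose other edits appear to be key spacing and indentation only, so the one semantic change is easy to miss when auditing the record. Tooling that groups or filters CVE records by assigner will see this entry move, and the commit message does not say whether the reattribution is intended. Consider landing the formatting pass separately from value changes, or stating the assigner change in the commit description. The CVE-2017-1000240, CVE-2017-1000249 and CVE-2017-1000380 hunks also change `ASSIGNER` (to `cve@mitre.org`) alongside the reformat.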
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.469414", - "ID" : "CVE-2017-1000240", - "REQUESTER" : "yann.chalencon@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenEMR", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0 and older" - } - ] - } - } - ] - }, - "vendor_name" : "OpenEMR" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.469414", + "ID": "CVE-2017-1000240", + "REQUESTER": "yann.chalencon@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-001", - "refsource" : "MISC", - "url" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The application OpenEMR is affected by 
multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-001", + "refsource": "MISC", + "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-001" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000249.json b/2017/1000xxx/CVE-2017-1000249.json index cfb4a257828..8948b979722 100644 --- a/2017/1000xxx/CVE-2017-1000249.json +++ b/2017/1000xxx/CVE-2017-1000249.json 
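Review bot: The new `affects` block replaces `product_name`, `version_value` and `vendor_name` with `n/a`, and `problemtype` drops `Cross Site Scripting (XSS)` for `n/a`, so the record no longer carries machine-readable product, version or weakness data. After this change the affected product and the 5.0.0 version bound survive only in the free-text `description`, which matters for scanners and asset inventories that match on the structured fields. If the reset is not deliberate, keep the previous values, e.g. `"product_name": "OpenEMR"` and `"version_value": "5.0.0 and older"`. The CVE-2017-1000249 hunk (losing `CWE-121`) and the CVE-2017-1000380 hunk (losing the Linux kernel version range and `race condition`) show the same regression.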
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-09-01", - "ID" : "CVE-2017-1000249", - "REQUESTER" : "thomas.jarosch@intra2net.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "file", - "version" : { - "version_data" : [ - { - "version_value" : "file() after commit 9611f31313a93aa036389c5f3b15eea53510d4d1, first affected version is file 5.29, released on 2016-10-25." - } - ] - } - } - ] - }, - "vendor_name" : "file" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-09-01", + "ID": "CVE-2017-1000249", + "REQUESTER": "thomas.jarosch@intra2net.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793", - "refsource" : "CONFIRM", - "url" : "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793" - }, - { - "name" : "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d", - "refsource" : "CONFIRM", - "url" : "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d" - }, - { - "name" : "DSA-3965", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3965" - }, - { - "name" : "GLSA-201710-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793", + "refsource": "CONFIRM", + "url": "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793" + }, + { + "name": "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d", + "refsource": "CONFIRM", + "url": "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d" + }, + { + "name": "DSA-3965", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3965" + }, + { + "name": "GLSA-201710-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-02" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000380.json b/2017/1000xxx/CVE-2017-1000380.json index 150dfdd6de6..0fef23c145b 100644 --- a/2017/1000xxx/CVE-2017-1000380.json +++ b/2017/1000xxx/CVE-2017-1000380.json 
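Review bot: The second `CONFIRM` reference carries a 39-character commit id, `9611f31313a93aa036389c5f3b15eea53510d4d`, while the `description` in the same record gives the full hash ending in `d4d1`; the commit reformats the entry but keeps the truncated value in both `name` and `url`. An abbreviated id may still resolve on the forge, but it will not match tooling that compares reference hashes against the description or against a full-length id. Suggest `"url": "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d1"` with the same correction in `name`.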
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux Kernel 4.11-stable and earlier, 3.x including 3.18, 2.6.0 and later", - "version" : { - "version_data" : [ - { - "version_value" : "Linux Kernel 4.11-stable and earlier, 3.x including 3.18, 2.6.0 and later" - } - ] - } - } - ] - }, - "vendor_name" : "Linux" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "race condition" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5", - "refsource" : "MISC", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5" - }, - { - "name" : "http://www.openwall.com/lists/oss-security/2017/06/12/2", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2017/06/12/2" - }, - { - "name" : "https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728" - }, - { - "name" : "https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", - 
"refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" - }, - { - "name" : "DSA-3981", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3981" - }, - { - "name" : "RHSA-2017:3295", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3295" - }, - { - "name" : "RHSA-2017:3315", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3315" - }, - { - "name" : "RHSA-2017:3322", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3322" - }, - { - "name" : "99121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3315", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3315" + }, + { + "name": "RHSA-2017:3322", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3322" + }, + { + "name": "RHSA-2017:3295", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3295" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5", + "refsource": "MISC", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5" + }, + { + "name": "https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2017/06/12/2", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2017/06/12/2" + }, + { + "name": "DSA-3981", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3981" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" + }, + { + "name": "https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378" + }, + { + "name": "99121", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/99121" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12099.json b/2017/12xxx/CVE-2017-12099.json index 5535d6ad26b..3451606c523 100644 --- a/2017/12xxx/CVE-2017-12099.json +++ b/2017/12xxx/CVE-2017-12099.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-01-11T00:00:00", - "ID" : "CVE-2017-12099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Blender", - "version" : { - "version_data" : [ - { - "version_value" : "v2.78c" - } - ] - } - } - ] - }, - "vendor_name" : "Blender" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-01-11T00:00:00", + "ID": "CVE-2017-12099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Blender", + "version": { + "version_data": [ + { + "version_value": "v2.78c" + } + ] + } + } + ] + }, + "vendor_name": "Blender" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html" - }, - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451" - }, - { - "name" : "DSA-4248", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html" + }, + { + "name": "DSA-4248", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4248" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12292.json b/2017/12xxx/CVE-2017-12292.json index d9d5420842e..a94bc85585f 100644 --- a/2017/12xxx/CVE-2017-12292.json +++ b/2017/12xxx/CVE-2017-12292.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Registered Envelope Service", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Registered Envelope Service" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Registered Envelope Service", + "version": { + "version_data": [ + { + "version_value": "Cisco Registered Envelope Service" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res" - }, - { - "name" : "101863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. 
These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res" + }, + { + "name": "101863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101863" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12525.json b/2017/12xxx/CVE-2017-12525.json index 1a8cd810c95..3f6169b5a0f 100644 --- a/2017/12xxx/CVE-2017-12525.json +++ b/2017/12xxx/CVE-2017-12525.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16144.json b/2017/16xxx/CVE-2017-16144.json index 704b26e132f..7b9354f7d2d 100644 --- a/2017/16xxx/CVE-2017-16144.json +++ b/2017/16xxx/CVE-2017-16144.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "myserver.alexcthomas18 node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "myserver.alexcthomas18 node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/myserver.alexcthomas18", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/myserver.alexcthomas18" - }, - { - "name" : "https://nodesecurity.io/advisories/469", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/469", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/469" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/myserver.alexcthomas18", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/myserver.alexcthomas18" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16151.json b/2017/16xxx/CVE-2017-16151.json index 5bbdd666529..ac54dc423c4 100644 --- a/2017/16xxx/CVE-2017-16151.json +++ b/2017/16xxx/CVE-2017-16151.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "electron node module", - "version" : { - "version_data" : [ - { - "version_value" : "< 1.6.14 || >= 1.7.0 < 1.7.8" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Code Injection (CWE-94)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "electron node module", + "version": { + "version_data": [ + { + "version_value": "< 1.6.14 || >= 1.7.0 < 1.7.8" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix", - "refsource" : "MISC", - "url" : "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix" - }, - { - "name" : "https://nodesecurity.io/advisories/539", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/539" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Injection (CWE-94)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix", + "refsource": "MISC", + "url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix" + }, + { + "name": "https://nodesecurity.io/advisories/539", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/539" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16692.json b/2017/16xxx/CVE-2017-16692.json index 8e61e1fcf29..9884c7c187a 100644 --- a/2017/16xxx/CVE-2017-16692.json +++ b/2017/16xxx/CVE-2017-16692.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16692", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16692", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16729.json b/2017/16xxx/CVE-2017-16729.json index 7fa08103278..8a2c29ada15 100644 --- a/2017/16xxx/CVE-2017-16729.json +++ b/2017/16xxx/CVE-2017-16729.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16729", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16729", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16854.json b/2017/16xxx/CVE-2017-16854.json index dfa66ed51fc..0d34bdceccc 100644 --- a/2017/16xxx/CVE-2017-16854.json +++ b/2017/16xxx/CVE-2017-16854.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html" - }, - { - "name" : "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/", - "refsource" : "CONFIRM", - "url" : "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/" - }, - { - "name" : "DSA-4066", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html" + }, + { + "name": "DSA-4066", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4066" + }, + { + "name": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/", + "refsource": "CONFIRM", + "url": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4176.json b/2017/4xxx/CVE-2017-4176.json index 8337c206502..2f9a0a30936 100644 --- a/2017/4xxx/CVE-2017-4176.json +++ b/2017/4xxx/CVE-2017-4176.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4176", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4176", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4549.json b/2017/4xxx/CVE-2017-4549.json index d4fd92dba76..5da13c3966e 100644 --- a/2017/4xxx/CVE-2017-4549.json +++ b/2017/4xxx/CVE-2017-4549.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4549", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4549", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4611.json b/2017/4xxx/CVE-2017-4611.json index b87d9d41049..e3a77979044 100644 --- a/2017/4xxx/CVE-2017-4611.json +++ b/2017/4xxx/CVE-2017-4611.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4611", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4611", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5175.json b/2018/5xxx/CVE-2018-5175.json index f8da3eed25d..2fb99abedd7 100644 --- a/2018/5xxx/CVE-2018-5175.json +++ b/2018/5xxx/CVE-2018-5175.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A mechanism to bypass Content Security Policy (CSP) protections on sites that have a \"script-src\" policy of \"'strict-dynamic'\". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the \"require.js\" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Universal CSP bypass on sites using strict-dynamic in their policies" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1432358", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1432358" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-11/" - }, - { - "name" : "USN-3645-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3645-1/" - }, - { - "name" : "104139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104139" - }, - { - "name" : "1040896", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A mechanism to bypass Content Security Policy (CSP) protections on sites that have a \"script-src\" policy of \"'strict-dynamic'\". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the \"require.js\" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Universal CSP bypass on sites using strict-dynamic in their policies" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-11/" + }, + { + "name": "1040896", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040896" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432358", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432358" + }, + { + "name": "USN-3645-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3645-1/" + }, + { + "name": "104139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104139" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5410.json b/2018/5xxx/CVE-2018-5410.json index 0b1900d1547..7fe15900aa0 100644 --- a/2018/5xxx/CVE-2018-5410.json +++ b/2018/5xxx/CVE-2018-5410.json 
@@ -1,105 +1,105 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2018-5410", - "STATE" : "PUBLIC", - "TITLE" : "Dokan file system driver contains a stack-based buffer overflow" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Open Source File System", - "version" : { - "version_data" : [ - { - "affected" : ">=", - "version_name" : "1.0.0.5000", - "version_value" : "1.0.0.5000" - }, - { - "affected" : "<=", - "version_name" : "1.2.0.1000", - "version_value" : "1.2.0.1000" - } - ] - } - } - ] - }, - "vendor_name" : "Dokan" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Thanks to Parvez Anwar for reporting this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121: Stack-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2018-5410", + "STATE": "PUBLIC", + "TITLE": "Dokan file system driver contains a stack-based buffer overflow" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Open Source File System", + "version": { + "version_data": [ + { + "affected": ">=", + "version_name": "1.0.0.5000", + "version_value": "1.0.0.5000" + }, + { + "affected": "<=", + "version_name": "1.2.0.1000", + "version_value": "1.2.0.1000" + } + ] + } + } + ] + }, + "vendor_name": "Dokan" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46155", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46155/" - }, - { - "name" : "https://cwe.mitre.org/data/definitions/121.html", - "refsource" : "MISC", - "url" : "https://cwe.mitre.org/data/definitions/121.html" - }, - { - "name" : "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000", - "refsource" : "CONFIRM", - "url" : "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000" - }, - { - "name" : "VU#741315", - "refsource" : "CERT-VN", - "url" : "https://kb.cert.org/vuls/id/741315/" - }, - { - "name" : "106274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106274" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Dokan developers have released a new version, 1.2.1, that fixes this vulnerability by validating the user input." - } - ], - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Parvez Anwar for reporting this vulnerability." 
+ } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#741315", + "refsource": "CERT-VN", + "url": "https://kb.cert.org/vuls/id/741315/" + }, + { + "name": "46155", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46155/" + }, + { + "name": "https://cwe.mitre.org/data/definitions/121.html", + "refsource": "MISC", + "url": "https://cwe.mitre.org/data/definitions/121.html" + }, + { + "name": "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000", + "refsource": "CONFIRM", + "url": "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000" + }, + { + "name": "106274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106274" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Dokan developers have released a new version, 1.2.1, that fixes this vulnerability by validating the user input." + } + ], + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5615.json b/2018/5xxx/CVE-2018-5615.json index 6144c08cd2d..593a5512472 100644 --- a/2018/5xxx/CVE-2018-5615.json +++ b/2018/5xxx/CVE-2018-5615.json 
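Review bot: The two `version_data` entries for the Dokan product still carry the range comparator under the key `affected` (`"affected": ">="` and `"affected": "<="`), while the CVE-2018-5175 record in this same commit uses `version_affected` for that purpose. A consumer that reads only `version_affected` would presumably treat 1.0.0.5000 and 1.2.0.1000 as two exact versions rather than the bounds of the range the description gives. Vulnerability matching could then miss the affected releases in between. Since the sync already rewrites every line of this record, rename the key on both entries: `"version_affected": ">=",` and `"version_affected": "<=",`.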
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5615", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5615", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5825.json b/2018/5xxx/CVE-2018-5825.json index 468ab505c0a..419203d1e69 100644 --- a/2018/5xxx/CVE-2018-5825.json +++ b/2018/5xxx/CVE-2018-5825.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2018-5825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in Data" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2018-5825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file