From 6145cac304212f9e45ddc0b2d4e76b0dcd7203f9 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 23:50:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0010.json | 160 ++++----- 2001/0xxx/CVE-2001-0149.json | 160 ++++----- 2001/0xxx/CVE-2001-0218.json | 140 ++++---- 2001/0xxx/CVE-2001-0239.json | 180 +++++----- 2001/0xxx/CVE-2001-0376.json | 130 ++++---- 2001/0xxx/CVE-2001-0438.json | 120 +++---- 2001/0xxx/CVE-2001-0538.json | 180 +++++----- 2001/1xxx/CVE-2001-1463.json | 140 ++++---- 2006/2xxx/CVE-2006-2060.json | 200 +++++------ 2006/2xxx/CVE-2006-2110.json | 190 +++++------ 2006/2xxx/CVE-2006-2862.json | 160 ++++----- 2006/2xxx/CVE-2006-2903.json | 160 ++++----- 2006/6xxx/CVE-2006-6051.json | 150 ++++----- 2006/6xxx/CVE-2006-6722.json | 150 ++++----- 2011/2xxx/CVE-2011-2066.json | 34 +- 2011/2xxx/CVE-2011-2346.json | 160 ++++----- 2011/2xxx/CVE-2011-2451.json | 200 +++++------ 2011/2xxx/CVE-2011-2643.json | 210 ++++++------ 2011/2xxx/CVE-2011-2672.json | 180 +++++----- 2011/3xxx/CVE-2011-3048.json | 380 ++++++++++----------- 2011/3xxx/CVE-2011-3405.json | 34 +- 2011/3xxx/CVE-2011-3643.json | 34 +- 2011/3xxx/CVE-2011-3893.json | 170 +++++----- 2011/4xxx/CVE-2011-4593.json | 140 ++++---- 2011/4xxx/CVE-2011-4886.json | 34 +- 2013/0xxx/CVE-2013-0031.json | 34 +- 2013/0xxx/CVE-2013-0283.json | 34 +- 2013/0xxx/CVE-2013-0449.json | 210 ++++++------ 2013/0xxx/CVE-2013-0745.json | 210 ++++++------ 2013/1xxx/CVE-2013-1972.json | 170 +++++----- 2013/1xxx/CVE-2013-1994.json | 150 ++++----- 2013/5xxx/CVE-2013-5115.json | 34 +- 2013/5xxx/CVE-2013-5264.json | 34 +- 2013/5xxx/CVE-2013-5630.json | 34 +- 2013/5xxx/CVE-2013-5741.json | 140 ++++---- 2013/5xxx/CVE-2013-5756.json | 120 +++---- 2014/2xxx/CVE-2014-2187.json | 34 +- 2014/2xxx/CVE-2014-2473.json | 130 ++++---- 2014/2xxx/CVE-2014-2757.json | 140 ++++---- 2017/0xxx/CVE-2017-0006.json | 140 ++++---- 2017/0xxx/CVE-2017-0151.json | 140 ++++---- 2017/0xxx/CVE-2017-0447.json | 140 ++++---- 2017/0xxx/CVE-2017-0498.json | 164 ++++----- 2017/0xxx/CVE-2017-0919.json | 
122 +++---- 2017/0xxx/CVE-2017-0936.json | 132 ++++---- 2017/1000xxx/CVE-2017-1000004.json | 142 ++++---- 2017/1000xxx/CVE-2017-1000074.json | 120 +++---- 2017/1000xxx/CVE-2017-1000509.json | 124 +++---- 2017/12xxx/CVE-2017-12629.json | 300 ++++++++--------- 2017/12xxx/CVE-2017-12669.json | 130 ++++---- 2017/16xxx/CVE-2017-16087.json | 34 +- 2017/16xxx/CVE-2017-16288.json | 34 +- 2017/16xxx/CVE-2017-16364.json | 140 ++++---- 2017/16xxx/CVE-2017-16366.json | 140 ++++---- 2017/16xxx/CVE-2017-16374.json | 140 ++++---- 2017/1xxx/CVE-2017-1488.json | 520 ++++++++++++++--------------- 2017/4xxx/CVE-2017-4051.json | 34 +- 2017/4xxx/CVE-2017-4141.json | 34 +- 2017/4xxx/CVE-2017-4326.json | 34 +- 2017/4xxx/CVE-2017-4651.json | 34 +- 2017/4xxx/CVE-2017-4736.json | 34 +- 2018/5xxx/CVE-2018-5148.json | 224 ++++++------- 2018/5xxx/CVE-2018-5385.json | 162 ++++----- 2018/5xxx/CVE-2018-5475.json | 130 ++++---- 2018/5xxx/CVE-2018-5808.json | 150 ++++----- 65 files changed, 4384 insertions(+), 4384 deletions(-) diff --git a/2001/0xxx/CVE-2001-0010.json b/2001/0xxx/CVE-2001-0010.json index cf1286edc9a..7ca38357290 100644 --- a/2001/0xxx/CVE-2001-0010.json +++ b/2001/0xxx/CVE-2001-0010.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010129 Vulnerabilities in BIND 4 and 8", - "refsource" : "NAI", - "url" : "http://www.nai.com/research/covert/advisories/047.asp" - }, - { - "name" : "CA-2001-02", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-02.html" - }, - { - "name" : "DSA-026", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-026" - }, - { - "name" : "RHSA-2001:007", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-007.html" - }, - { - "name" : "2302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in transaction signature 
(TSIG) handling code in BIND 8 allows remote attackers to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2302" + }, + { + "name": "RHSA-2001:007", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-007.html" + }, + { + "name": "DSA-026", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-026" + }, + { + "name": "20010129 Vulnerabilities in BIND 4 and 8", + "refsource": "NAI", + "url": "http://www.nai.com/research/covert/advisories/047.asp" + }, + { + "name": "CA-2001-02", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0149.json b/2001/0xxx/CVE-2001-0149.json index f4422e35ca6..58ebe69faa6 100644 --- a/2001/0xxx/CVE-2001-0149.json +++ b/2001/0xxx/CVE-2001-0149.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html" - }, - { - "name" : "20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=96999020527583&w=2" - }, - { - "name" : "MS01-015", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015" - }, - { - "name" : "1718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1718" - }, - { - "name" : "ie-getobject-expose-files(5293)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/5293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=96999020527583&w=2" + }, + { + "name": "1718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1718" + }, + { + "name": "20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html" + }, + { + "name": "ie-getobject-expose-files(5293)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5293" + }, + { + "name": "MS01-015", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0218.json b/2001/0xxx/CVE-2001-0218.json index 495d8accc8f..62938aa41e0 100644 --- a/2001/0xxx/CVE-2001-0218.json +++ b/2001/0xxx/CVE-2001-0218.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010126 format string vulnerability in mars_nwe 0.99pl19", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0456.html" - }, - { - "name" : "FreeBSD-SA-01:20", - "refsource" : "FREEBSD", - "url" : "http://archives.neohapsis.com/archives/freebsd/2001-02/0081.html" - }, - { - "name" : "mars-nwe-format-string(6019)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mars-nwe-format-string(6019)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6019" + }, + { + "name": "20010126 format string vulnerability in mars_nwe 0.99pl19", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0456.html" + }, + { + "name": "FreeBSD-SA-01:20", + "refsource": "FREEBSD", + "url": "http://archives.neohapsis.com/archives/freebsd/2001-02/0081.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0239.json b/2001/0xxx/CVE-2001-0239.json index a9df2f0746d..8688fec7579 100644 --- a/2001/0xxx/CVE-2001-0239.json +++ b/2001/0xxx/CVE-2001-0239.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010416 [SX-20010320-2] - Microsoft ISA Server Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/176912" - }, - { - "name" : "20010427 Microsoft ISA Server Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/179986" - }, - { - "name" : "20010417 [SX-20010320-2b] - Followup re. 
Microsoft ISA Server Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/177160" - }, - { - "name" : "MS01-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-021" - }, - { - "name" : "L-073", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-073.shtml" - }, - { - "name" : "2600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2600" - }, - { - "name" : "isa-web-proxy-dos(6383)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6383" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010416 [SX-20010320-2] - Microsoft ISA Server Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/176912" + }, + { + "name": "20010417 [SX-20010320-2b] - Followup re. 
Microsoft ISA Server Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/177160" + }, + { + "name": "MS01-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-021" + }, + { + "name": "20010427 Microsoft ISA Server Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/179986" + }, + { + "name": "2600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2600" + }, + { + "name": "isa-web-proxy-dos(6383)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6383" + }, + { + "name": "L-073", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-073.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0376.json b/2001/0xxx/CVE-2001-0376.json index 30feb7ac8e5..4635e6bf817 100644 --- a/2001/0xxx/CVE-2001-0376.json +++ b/2001/0xxx/CVE-2001-0376.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010327 SonicWall IKE pre-shared key length bug and security concern", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0403.html" - }, - { - "name" : "sonicwall-ike-shared-keys(6304)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SonicWALL Tele2 and SOHO 
firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010327 SonicWall IKE pre-shared key length bug and security concern", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0403.html" + }, + { + "name": "sonicwall-ike-shared-keys(6304)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6304" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0438.json b/2001/0xxx/CVE-2001-0438.json index 1e0324c38d0..707f1180fc5 100644 --- a/2001/0xxx/CVE-2001-0438.json +++ b/2001/0xxx/CVE-2001-0438.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010418 Hole in Netopia's Mac OS X Timbuktu", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0337.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010418 Hole in Netopia's Mac OS X Timbuktu", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0337.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0538.json b/2001/0xxx/CVE-2001-0538.json index f2c74ab545d..46caf0100f6 100644 --- a/2001/0xxx/CVE-2001-0538.json +++ b/2001/0xxx/CVE-2001-0538.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99496431214078&w=2" - }, - { - "name" : "20010712 Vulnerability in IE/Outlook ActiveX control", - "refsource" : "NTBUGTRAQ", - "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=862" - }, - { - "name" : "MS01-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-038" - }, - { - "name" : "L-113", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-113.shtml" - }, - { - "name" : "VU#131569", - "refsource" : "CERT-VN", - "url" : 
"http://www.kb.cert.org/vuls/id/131569" - }, - { - "name" : "outlook-activex-view-control(6831)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6831" - }, - { - "name" : "3025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99496431214078&w=2" + }, + { + "name": "3025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3025" + }, + { + "name": "MS01-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-038" + }, + { + "name": "outlook-activex-view-control(6831)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6831" + }, + { + "name": "L-113", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-113.shtml" + }, + { + "name": "VU#131569", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/131569" + }, + { + "name": "20010712 Vulnerability in IE/Outlook ActiveX control", + "refsource": "NTBUGTRAQ", + "url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=862" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1463.json b/2001/1xxx/CVE-2001-1463.json index 515b5857142..68cf8fd40a2 100644 
--- a/2001/1xxx/CVE-2001-1463.json
+++ b/2001/1xxx/CVE-2001-1463.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#279763", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/279763" - }, - { - "name" : "1002882", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1002882" - }, - { - "name" : "servu-ftp-plaintext-password(7925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to 
sniff passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "servu-ftp-plaintext-password(7925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7925" + }, + { + "name": "VU#279763", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/279763" + }, + { + "name": "1002882", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1002882" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2060.json b/2006/2xxx/CVE-2006-2060.json index 2af049a566e..7f6696d406b 100644 --- a/2006/2xxx/CVE-2006-2060.json +++ b/2006/2xxx/CVE-2006-2060.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060425 Invision Vulnerabilities, including remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431990/100/0/threaded" - }, - { - "name" : "20060427 Re: Invision Vulnerabilities, including remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432226/100/0/threaded" - }, - { - "name" : "20060710 Re: RE: Invision Vulnerabilities, including remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439607/100/0/threaded" - 
}, - { - "name" : "http://forums.invisionpower.com/index.php?showtopic=213374", - "refsource" : "CONFIRM", - "url" : "http://forums.invisionpower.com/index.php?showtopic=213374" - }, - { - "name" : "ADV-2006-1534", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1534" - }, - { - "name" : "25008", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25008" - }, - { - "name" : "19830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19830" - }, - { - "name" : "796", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/796" - }, - { - "name" : "invision-admin-file-include(26072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "invision-admin-file-include(26072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26072" + }, + { + "name": "20060427 Re: Invision Vulnerabilities, including remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" + }, + { + "name": "796", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/796" + }, + { + "name": "19830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19830" + }, + { + "name": "25008", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25008" + }, + { + "name": "ADV-2006-1534", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1534" + }, + { + "name": "20060425 Invision Vulnerabilities, including remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" + }, + { + "name": "20060710 Re: RE: Invision Vulnerabilities, including remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439607/100/0/threaded" + }, + { + "name": "http://forums.invisionpower.com/index.php?showtopic=213374", + "refsource": "CONFIRM", + "url": "http://forums.invisionpower.com/index.php?showtopic=213374" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2110.json b/2006/2xxx/CVE-2006-2110.json index 9264b07e884..d461ce50e67 100644 --- a/2006/2xxx/CVE-2006-2110.json +++ b/2006/2xxx/CVE-2006-2110.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Vserver] 20060428 [SECURITY] ccaps not limited to root inside a guest", - "refsource" : "MLIST", - "url" : "http://list.linux-vserver.org/archive/vserver/msg13167.html" - }, - { - "name" : "http://dev.croup.de/proj/gentoo-vps/browser/vserver-sources/2.0.1-r4/4915_vs2.0.1-vxcapable-fix.patch", - "refsource" : "CONFIRM", - "url" : "http://dev.croup.de/proj/gentoo-vps/browser/vserver-sources/2.0.1-r4/4915_vs2.0.1-vxcapable-fix.patch" - }, - { - "name" : "DSA-1060", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1060" - }, - { - "name" : "17842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17842" - }, - { - "name" : 
"ADV-2006-1661", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1661" - }, - { - "name" : "19961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19961" - }, - { - "name" : "20206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20206" - }, - { - "name" : "linux-vserver-ccaps-privilege-escalation(26285)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Vserver] 20060428 [SECURITY] ccaps not limited to root inside a guest", + "refsource": "MLIST", + "url": "http://list.linux-vserver.org/archive/vserver/msg13167.html" + }, + { + "name": "17842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17842" + }, + { + "name": "DSA-1060", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1060" + }, + { + "name": "ADV-2006-1661", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1661" + }, + { + "name": "19961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19961" + }, + { + "name": "20206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20206" + }, + { + "name": "linux-vserver-ccaps-privilege-escalation(26285)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26285" + }, + { + "name": 
"http://dev.croup.de/proj/gentoo-vps/browser/vserver-sources/2.0.1-r4/4915_vs2.0.1-vxcapable-fix.patch", + "refsource": "CONFIRM", + "url": "http://dev.croup.de/proj/gentoo-vps/browser/vserver-sources/2.0.1-r4/4915_vs2.0.1-vxcapable-fix.patch" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2862.json b/2006/2xxx/CVE-2006-2862.json index 390d8a6711e..82d82fca5d8 100644 --- a/2006/2xxx/CVE-2006-2862.json +++ b/2006/2xxx/CVE-2006-2862.json 
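Review bot: The rewritten file ends at the closing `}` with no trailing newline (the `\ No newline at end of file` marker follows the added brace), while the removed side appears to have ended with one. Having the sync tool write a final newline after `}` keeps the records clean text and avoids a spurious last-line change the next time a tool rewrites them. The same applies to every other file section in this chunk, CVE-2006-2862 through CVE-2011-2672. Separately, `reference_data` is reordered with no visible sort key; if order carries no meaning, a stable order (for example by `refsource`, then `name`) would stop future syncs from producing whole-file diffs.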
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/particle-gallery-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/particle-gallery-sql-inj.html" - }, - { - "name" : "18270", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18270" - }, - { - "name" : "ADV-2006-2121", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2121" - }, - { - "name" : "25953", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25953" - }, - { - "name" : "20427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18270", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18270" + }, + { + "name": "ADV-2006-2121", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2121" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/particle-gallery-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/particle-gallery-sql-inj.html" + }, + { + "name": "20427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20427" + }, + { + "name": "25953", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25953" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2903.json b/2006/2xxx/CVE-2006-2903.json index 5b78cc57696..e41b328d42b 100644 --- a/2006/2xxx/CVE-2006-2903.json +++ b/2006/2xxx/CVE-2006-2903.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060606 Partial Links v1.2.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436112/100/0/threaded" - }, - { - "name" : "18344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18344" - }, - { - "name" : "ADV-2006-2169", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2169" - }, - { - "name" : "20491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20491" - }, - { - "name" : "particlelinks-admin-xss(26957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20491" + }, + { + "name": "20060606 Partial Links v1.2.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436112/100/0/threaded" + }, + { + "name": "18344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18344" + }, + { + "name": "ADV-2006-2169", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2169" + }, + { + "name": "particlelinks-admin-xss(26957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26957" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6051.json b/2006/6xxx/CVE-2006-6051.json index ea365f88dd1..2a78c274cd7 100644 --- a/2006/6xxx/CVE-2006-6051.json +++ b/2006/6xxx/CVE-2006-6051.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061117 MosReporter Joomla Component Remote File Inclusion Exploi", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451960/100/0/threaded" - }, - { - "name" : "2807", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2807" - }, - { - "name" : "21160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21160" - }, - { - "name" : "mosreporter-reporter-file-include(30410)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mosreporter-reporter-file-include(30410)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30410" + }, + { + "name": "20061117 MosReporter Joomla Component Remote File Inclusion Exploi", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451960/100/0/threaded" + }, + { + "name": "2807", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2807" + }, + { + "name": "21160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21160" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6722.json b/2006/6xxx/CVE-2006-6722.json index 523a55c0fe6..8fb8634f122 100644 --- a/2006/6xxx/CVE-2006-6722.json +++ b/2006/6xxx/CVE-2006-6722.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/21625.html", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/21625.html" - }, - { - "name" : "2938", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2938" - }, - { - "name" : "21625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21625" - }, - { - "name" : "bandsite-admin-security-bypass(30921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bandwebsite (aka Bandsite portal 
system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21625" + }, + { + "name": "bandsite-admin-security-bypass(30921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30921" + }, + { + "name": "2938", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2938" + }, + { + "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/21625.html", + "refsource": "MISC", + "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/21625.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2066.json b/2011/2xxx/CVE-2011-2066.json index 487b478a6a2..3cfdce60dec 100644 --- a/2011/2xxx/CVE-2011-2066.json +++ b/2011/2xxx/CVE-2011-2066.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2066", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2066", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2346.json b/2011/2xxx/CVE-2011-2346.json index 077e0f9b5c0..dc02f1a4c01 100644 --- a/2011/2xxx/CVE-2011-2346.json +++ b/2011/2xxx/CVE-2011-2346.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=84355", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=84355" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html" - }, - { - "name" : "oval:org.mitre.oval:def:14103", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14103" - }, - { - "name" : "1025730", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025730" - }, - { - "name" : "45097", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/45097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html" + }, + { + "name": "45097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45097" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=84355", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=84355" + }, + { + "name": "1025730", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025730" + }, + { + "name": "oval:org.mitre.oval:def:14103", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14103" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2451.json b/2011/2xxx/CVE-2011-2451.json index 3dea489b0bd..34cab1fec4e 100644 --- a/2011/2xxx/CVE-2011-2451.json +++ b/2011/2xxx/CVE-2011-2451.json 
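Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `security@google.com`, and that is the only semantic change in this hunk; the rest is colon spacing, indentation and reference order. Buried in a bulk reformat under the subject "-Synchronized-Data.", a provenance change like this is easy to miss for anyone auditing the record or for consumers that key on the assigning organisation. Splitting formatting-only rewrites from field changes, or at least naming the reassignment in the commit message, would make it reviewable. The hunks for CVE-2011-2451 (`psirt@adobe.com`) and CVE-2011-2672 (`vultures@jpcert.or.jp`) carry the same kind of change.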
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html" - }, - { - "name" : "GLSA-201204-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-07.xml" - }, - { - "name" : "RHSA-2011:1445", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1445.html" - }, - { - "name" : "SUSE-SA:2011:043", - "refsource" : "SUSE", - 
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html" - }, - { - "name" : "SUSE-SU-2011:1244", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html" - }, - { - "name" : "openSUSE-SU-2011:1240", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html" - }, - { - "name" : "oval:org.mitre.oval:def:13961", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13961" - }, - { - "name" : "oval:org.mitre.oval:def:15759", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15759" - }, - { - "name" : "48819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2011:1240", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html" + }, + { + "name": "SUSE-SA:2011:043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html" + }, + { + "name": "SUSE-SU-2011:1244", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html" + }, + { + "name": "GLSA-201204-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-07.xml" + }, + { + "name": "oval:org.mitre.oval:def:15759", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15759" + }, + { + "name": "RHSA-2011:1445", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1445.html" + }, + { + "name": "oval:org.mitre.oval:def:13961", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13961" + }, + { + "name": "48819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48819" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-28.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2643.json b/2011/2xxx/CVE-2011-2643.json index 5b2f4bf17fc..5faddbda789 100644 --- a/2011/2xxx/CVE-2011-2643.json +++ b/2011/2xxx/CVE-2011-2643.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c", - "refsource" : "CONFIRM", - "url" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=725382", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=725382" - }, - { - 
"name" : "FEDORA-2011-9725", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html" - }, - { - "name" : "FEDORA-2011-9734", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html" - }, - { - "name" : "MDVSA-2011:124", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124" - }, - { - "name" : "48874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48874" - }, - { - "name" : "45365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45365" - }, - { - "name" : "45515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45515" - }, - { - "name" : "phpmyadmin-mimetype-file-include(68767)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php" + }, + { + "name": "45515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45515" + }, + { + "name": "45365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45365" + }, + { + "name": "48874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48874" + }, + { + "name": "MDVSA-2011:124", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124" + }, + { + "name": "phpmyadmin-mimetype-file-include(68767)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68767" + }, + { + "name": "FEDORA-2011-9725", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=725382", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725382" + }, + { + "name": "FEDORA-2011-9734", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html" + }, + { + "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c", + "refsource": "CONFIRM", + "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2672.json b/2011/2xxx/CVE-2011-2672.json index adee8740473..40a133e593b 100644 --- a/2011/2xxx/CVE-2011-2672.json +++ b/2011/2xxx/CVE-2011-2672.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.98 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-2672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/projects/semanticscuttle/files/SemanticScuttle/v0.98/SemanticScuttle-0.98.0.zip/download", - "refsource" : "MISC", - "url" : "http://sourceforge.net/projects/semanticscuttle/files/SemanticScuttle/v0.98/SemanticScuttle-0.98.0.zip/download" - }, - { - "name" : "JVN#28973089", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN28973089/index.html" - }, - { - "name" : "JVNDB-2011-000074", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000074" - }, - { - "name" : "49661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49661" - }, - { - "name" : "75585", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75585" - }, - { - "name" : "46031", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/46031" - }, - { - "name" : "semanticscuttle-bookmarks-xss(69900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.98 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49661" + }, + { + "name": "semanticscuttle-bookmarks-xss(69900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69900" + }, + { + "name": "JVNDB-2011-000074", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000074" + }, + { + "name": "75585", + "refsource": "OSVDB", + "url": "http://osvdb.org/75585" + }, + { + "name": "JVN#28973089", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN28973089/index.html" + }, + { + "name": "http://sourceforge.net/projects/semanticscuttle/files/SemanticScuttle/v0.98/SemanticScuttle-0.98.0.zip/download", + "refsource": "MISC", + "url": "http://sourceforge.net/projects/semanticscuttle/files/SemanticScuttle/v0.98/SemanticScuttle-0.98.0.zip/download" + }, + { + "name": "46031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46031" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3048.json b/2011/3xxx/CVE-2011-3048.json index 79a126256f0..983879b329d 100644 --- a/2011/3xxx/CVE-2011-3048.json +++ b/2011/3xxx/CVE-2011-3048.json 
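Review bot: The only value that changes in the CVE-2011-2672 record is `"ASSIGNER": "vultures@jpcert.or.jp"` replacing `cve@mitre.org`, and it is buried in a rewrite of almost the whole 92-line file. The same hunk changes the `"key" : value` separator to `"key": value`, re-indents, and moves the seven `reference_data` entries into an order with no sort key I can see (the old side grouped them by `refsource`). Anyone tracking these records by diff cannot separate an attribution change from formatting noise, so I would emit `reference_data` in a deterministic order (for example by `refsource`, then `name`) and land the formatter change apart from data changes. The new file also ends with `\ No newline at end of file`; closing it with `}` plus a newline keeps later diffs clean. The hunks for CVE-2011-3893, CVE-2011-4593 and CVE-2013-0449 change `ASSIGNER` in the same way, and CVE-2011-3048 has the same reorder with no value change.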
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.libpng.org/pub/png/libpng.html", - "refsource" : "CONFIRM", - "url" : "http://www.libpng.org/pub/png/libpng.html" - }, - { - "name" : "http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt", - "refsource" : "CONFIRM", - "url" : "http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt" - }, - { - "name" : "http://support.apple.com/kb/HT5501", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5501" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : 
"http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" - }, - { - "name" : "DSA-2446", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2446" - }, - { - "name" : "FEDORA-2012-5515", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html" - }, - { - "name" : "FEDORA-2012-5518", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html" - }, - { - "name" : "FEDORA-2012-5526", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html" - }, - { - "name" : "FEDORA-2012-4902", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html" - }, - { - "name" : "FEDORA-2012-5079", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html" - }, - { - "name" : "FEDORA-2012-5080", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html" - }, - { - "name" : "GLSA-201206-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-15.xml" - }, - { - "name" : "MDVSA-2012:046", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:046" - }, - { - "name" : "RHSA-2012:0523", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0523.html" - }, - { - "name" : "USN-1417-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1417-1" - }, - { - "name" : "52830", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/52830" - }, - { - "name" : "80822", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80822" - }, - { - "name" : "1026879", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026879" - }, - { - "name" : "48587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48587" - }, - { - "name" : "48644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48644" - }, - { - "name" : "48665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48665" - }, - { - "name" : "48721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48721" - }, - { - "name" : "48983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48983" - }, - { - "name" : "49660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49660" - }, - { - "name" : "libpng-pngsettext2-code-execution(74494)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49660" + }, + { + "name": "48983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48983" + }, + { + "name": "RHSA-2012:0523", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0523.html" + }, + { + "name": "libpng-pngsettext2-code-execution(74494)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74494" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "52830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52830" + }, + { + "name": "http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt", + "refsource": "CONFIRM", + "url": "http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt" + }, + { + "name": "DSA-2446", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2446" + }, + { + "name": "GLSA-201206-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" + }, + { + "name": "MDVSA-2012:046", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:046" + }, + { + "name": "48587", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48587" + }, + { + "name": "http://www.libpng.org/pub/png/libpng.html", + "refsource": "CONFIRM", + "url": "http://www.libpng.org/pub/png/libpng.html" + }, + { + "name": "80822", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80822" + }, + { + "name": "FEDORA-2012-5526", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html" + }, + { + "name": "48644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48644" + }, + { + "name": "FEDORA-2012-5079", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html" + }, + { + "name": "APPLE-SA-2012-09-19-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT5501", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5501" + }, + { + "name": "FEDORA-2012-5515", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html" + }, + { + "name": "FEDORA-2012-5080", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html" + }, + { + "name": "1026879", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026879" + }, + { + "name": "FEDORA-2012-5518", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html" + }, + { + "name": "48665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48665" + }, + { + "name": "FEDORA-2012-4902", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html" + }, + { + "name": "48721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48721" + }, + { + "name": "USN-1417-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1417-1" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3405.json b/2011/3xxx/CVE-2011-3405.json index 3337a1bd1b6..d6298be48a1 100644 --- a/2011/3xxx/CVE-2011-3405.json +++ b/2011/3xxx/CVE-2011-3405.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3405", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-3405", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3643.json b/2011/3xxx/CVE-2011-3643.json index c74f1e122b1..033f42f2814 100644 --- a/2011/3xxx/CVE-2011-3643.json +++ b/2011/3xxx/CVE-2011-3643.json 
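Review bot: The REJECT record for CVE-2011-3405 is written with a different key order from the RESERVED and PUBLIC records in the same patch. Its new side puts `data_type`, `data_format`, `data_version` first and lists `ID` before `ASSIGNER` inside `CVE_data_meta`, while the next hunk (CVE-2011-3643) keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but two layouts in one repository point to two writers (inferred; the generator is not visible here) and make record-to-record comparison and future diffs noisier. I would pass every record through one serializer with sorted keys, so this file also opens with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`. CVE-2013-0031 has the same layout.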
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3643", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3643", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3893.json b/2011/3xxx/CVE-2011-3893.json index 4cd9e767392..2667183e5aa 100644 --- a/2011/3xxx/CVE-2011-3893.json +++ b/2011/3xxx/CVE-2011-3893.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=100492", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=100492" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=100543", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=100543" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14267", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14267" - }, - { - "name" : "46933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46933" - }, - { - "name" : "49089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html" + }, + { + "name": "49089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49089" + }, + { + "name": "46933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46933" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=100492", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=100492" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=100543", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=100543" + }, + { + "name": "oval:org.mitre.oval:def:14267", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14267" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4593.json b/2011/4xxx/CVE-2011-4593.json index b3af8c1ab68..437f9987a22 100644 --- a/2011/4xxx/CVE-2011-4593.json 
+++ b/2011/4xxx/CVE-2011-4593.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=e94113a859015a4a80b9397957b8fc4044e2951f", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=e94113a859015a4a80b9397957b8fc4044e2951f" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=191762", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=191762" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=761248", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761248" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=e94113a859015a4a80b9397957b8fc4044e2951f", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=e94113a859015a4a80b9397957b8fc4044e2951f" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=191762", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=191762" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4886.json b/2011/4xxx/CVE-2011-4886.json index 7937e2d4957..a8aca58e40a 100644 --- a/2011/4xxx/CVE-2011-4886.json +++ b/2011/4xxx/CVE-2011-4886.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4886", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4886", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0031.json b/2013/0xxx/CVE-2013-0031.json index 45c4baecd81..330d040fb3a 100644 --- a/2013/0xxx/CVE-2013-0031.json +++ b/2013/0xxx/CVE-2013-0031.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0031", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0031", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0283.json b/2013/0xxx/CVE-2013-0283.json index 1b7758d34ba..2405b374acb 100644 --- a/2013/0xxx/CVE-2013-0283.json +++ b/2013/0xxx/CVE-2013-0283.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0283", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0283", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0449.json b/2013/0xxx/CVE-2013-0449.json index 091ff25eb65..5950c3d4ee2 100644 --- a/2013/0xxx/CVE-2013-0449.json +++ b/2013/0xxx/CVE-2013-0449.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "RHSA-2013:0237", - 
"refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "oval:org.mitre.oval:def:16610", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16610" - }, - { - "name" : "oval:org.mitre.oval:def:19123", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19123", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19123" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "oval:org.mitre.oval:def:16610", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16610" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0745.json b/2013/0xxx/CVE-2013-0745.json index 2719faea99b..2dfe3ef083f 100644 --- a/2013/0xxx/CVE-2013-0745.json +++ b/2013/0xxx/CVE-2013-0745.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-08.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=794158", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=794158" - }, - { - "name" : "SUSE-SU-2013:0048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" - }, - { - "name" : "SUSE-SU-2013:0049", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0131", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:0149", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" - }, - { - "name" : "USN-1681-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-1" - }, - { - "name" : "USN-1681-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-2" - }, - { - "name" : "USN-1681-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-4" - }, - { - "name" : "oval:org.mitre.oval:def:17061", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=794158", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794158" + }, + { + "name": "openSUSE-SU-2013:0131", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" + }, + { + "name": "USN-1681-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-4" + }, + { + "name": "SUSE-SU-2013:0049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" + }, + { + "name": "USN-1681-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-1" + }, + { + "name": "openSUSE-SU-2013:0149", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-08.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-08.html" + }, + { + "name": "oval:org.mitre.oval:def:17061", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17061" + }, + { + "name": "USN-1681-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1972.json b/2013/1xxx/CVE-2013-1972.json index bf2162a4594..717579a9b90 100644 --- a/2013/1xxx/CVE-2013-1972.json +++ b/2013/1xxx/CVE-2013-1972.json 
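Review bot: The `reference_data` array in CVE-2013-0745.json is rewritten in a different order with the same ten entries, which buries the one substantive change in this hunk, `"ASSIGNER": "security@mozilla.org"` replacing `cve@mitre.org`. The sync tool should emit references in a stable order (for example sorted by `refsource`, then `name`) so that a changed assigner or a dropped advisory link stands out in review. The same reshuffle accompanies assigner changes in the CVE-2013-1972, CVE-2013-1994 and CVE-2014-2757 hunks. Each rewritten file also loses its final newline (`\ No newline at end of file`); writing the closing `}` followed by a newline would keep later syncs from touching the last line.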
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130417 [Security-news] SA-CONTRIB-2013-044 - elFinder file manager - Cross Site Request Forgery (CSRF)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-04/0237.html" - }, - { - "name" : "https://drupal.org/node/1972942", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1972942" - }, - { - "name" : "https://drupal.org/node/1972082", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1972082" - }, - { - "name" : "https://drupal.org/node/1972084", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1972084" - }, - { - "name" : "92533", - "refsource" : 
"OSVDB", - "url" : "http://osvdb.org/92533" - }, - { - "name" : "drupal-elfinderfilemanager-unspecified-csrf(83651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130417 [Security-news] SA-CONTRIB-2013-044 - elFinder file manager - Cross Site Request Forgery (CSRF)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-04/0237.html" + }, + { + "name": "https://drupal.org/node/1972942", + "refsource": "MISC", + "url": "https://drupal.org/node/1972942" + }, + { + "name": "drupal-elfinderfilemanager-unspecified-csrf(83651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83651" + }, + { + "name": "https://drupal.org/node/1972084", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1972084" + }, + { + "name": "https://drupal.org/node/1972082", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1972082" + }, + { + "name": "92533", + "refsource": "OSVDB", + "url": "http://osvdb.org/92533" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1994.json b/2013/1xxx/CVE-2013-1994.json index 3a891807787..b6f3715a084 100644 --- a/2013/1xxx/CVE-2013-1994.json +++ b/2013/1xxx/CVE-2013-1994.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/23/3" - }, - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" - }, - { - "name" : "DSA-2679", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2679" - }, - { - "name" : "USN-1871-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1871-1" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1871-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1871-1" + }, + { + "name": "DSA-2679", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2679" + }, + { + "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", + "refsource": "CONFIRM", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5115.json b/2013/5xxx/CVE-2013-5115.json index 31dd8360bc4..5cadb4a47aa 100644 --- a/2013/5xxx/CVE-2013-5115.json +++ b/2013/5xxx/CVE-2013-5115.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5115", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5115", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5264.json b/2013/5xxx/CVE-2013-5264.json index 8c05f846fea..a400b4384e8 100644 --- a/2013/5xxx/CVE-2013-5264.json +++ b/2013/5xxx/CVE-2013-5264.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5264", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5264", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5630.json b/2013/5xxx/CVE-2013-5630.json index 6f60ffacbe1..138bccf5c85 100644 --- a/2013/5xxx/CVE-2013-5630.json +++ b/2013/5xxx/CVE-2013-5630.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5630", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5630", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5741.json b/2013/5xxx/CVE-2013-5741.json index 40b5104d32e..7ac0db155ce 100644 --- a/2013/5xxx/CVE-2013-5741.json +++ b/2013/5xxx/CVE-2013-5741.json 
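Review bot: CVE-2013-5630.json is serialized with a different key order from the other records visible in this diff: `data_type`, `data_format` and `data_version` come first and `ID` precedes `ASSIGNER` inside `CVE_data_meta`, while the other files are alphabetical. Key order carries no meaning in JSON, but a consumer that hashes or diffs these records to detect changes will see this REJECT entry as modified when only the layout moved. Emitting every record through the same sorted-key serializer would avoid that; no field value changes in this hunk.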
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data, which allows remote attackers to cause a denial of service (transition to the interrupt state) via a crafted packet to TCP port 502." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.ixiacom.com/ixia-blog/hack-scada-zero-day-vulnerability-discovery-on-the-nano-10-plc/", - "refsource" : "MISC", - "url" : "http://blogs.ixiacom.com/ixia-blog/hack-scada-zero-day-vulnerability-discovery-on-the-nano-10-plc/" - }, - { - "name" : "http://osvdb.org/ref/97/tri-nano10.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/97/tri-nano10.txt" - }, - { - "name" : "97728", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/97728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data, which allows remote attackers to cause a denial of service (transition to the interrupt state) via a crafted packet to TCP port 502." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blogs.ixiacom.com/ixia-blog/hack-scada-zero-day-vulnerability-discovery-on-the-nano-10-plc/", + "refsource": "MISC", + "url": "http://blogs.ixiacom.com/ixia-blog/hack-scada-zero-day-vulnerability-discovery-on-the-nano-10-plc/" + }, + { + "name": "97728", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/97728" + }, + { + "name": "http://osvdb.org/ref/97/tri-nano10.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/97/tri-nano10.txt" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5756.json b/2013/5xxx/CVE-2013-5756.json index 40e018b7685..c03eef8dd1c 100644 --- a/2013/5xxx/CVE-2013-5756.json +++ b/2013/5xxx/CVE-2013-5756.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33740", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33740", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33740" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2187.json b/2014/2xxx/CVE-2014-2187.json index 1b385228557..026738cbae2 100644 --- a/2014/2xxx/CVE-2014-2187.json +++ b/2014/2xxx/CVE-2014-2187.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2187", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2187", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2473.json b/2014/2xxx/CVE-2014-2473.json index 3aec2d43c02..19d46df054b 100644 --- a/2014/2xxx/CVE-2014-2473.json +++ b/2014/2xxx/CVE-2014-2473.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv) and SGD SSL Daemon (ttassl)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "1031034", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server 
(ttaauxserv) and SGD SSL Daemon (ttassl)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "1031034", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031034" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2757.json b/2014/2xxx/CVE-2014-2757.json index e9ea1990a55..0d4e044afb4 100644 --- a/2014/2xxx/CVE-2014-2757.json +++ b/2014/2xxx/CVE-2014-2757.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-1803." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67842" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to 
execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-1803." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + }, + { + "name": "67842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67842" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0006.json b/2017/0xxx/CVE-2017-0006.json index 58f87f00064..2ed872349e4 100644 --- a/2017/0xxx/CVE-2017-0006.json +++ b/2017/0xxx/CVE-2017-0006.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Office", - "version" : { - "version_data" : [ - { - "version_value" : "Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Office", + "version": { + "version_data": [ + { + "version_value": "Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006" - }, - { - "name" : "96740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96740" - }, - { - "name" : "1038010", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038010", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038010" + }, + { + "name": "96740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96740" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0151.json b/2017/0xxx/CVE-2017-0151.json index e51565451c1..262b39775dd 100644 --- a/2017/0xxx/CVE-2017-0151.json +++ b/2017/0xxx/CVE-2017-0151.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Browser", - "version" : { - "version_data" : [ - { - "version_value" : "Browser" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0150." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Browser", + "version": { + "version_data": [ + { + "version_value": "Browser" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0151", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0151" - }, - { - "name" : "96727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96727" - }, - { - "name" : "1038006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0150." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96727" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0151", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0151" + }, + { + "name": "1038006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038006" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0447.json b/2017/0xxx/CVE-2017-0447.json index f894c6f338e..735f820866c 100644 --- a/2017/0xxx/CVE-2017-0447.json +++ b/2017/0xxx/CVE-2017-0447.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96054" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96054" + }, + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0498.json b/2017/0xxx/CVE-2017-0498.json index 699b508b6d7..2f27f8e802d 100644 --- a/2017/0xxx/CVE-2017-0498.json +++ b/2017/0xxx/CVE-2017-0498.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96793" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96793" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0919.json b/2017/0xxx/CVE-2017-0919.json index ad8c77c23fc..203c434030d 100644 --- a/2017/0xxx/CVE-2017-0919.json +++ b/2017/0xxx/CVE-2017-0919.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-05-24T00:00:00", - "ID" : "CVE-2017-0919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-05-24T00:00:00", + "ID": "CVE-2017-0919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/301137", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/301137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/301137", + "refsource": "MISC", + "url": "https://hackerone.com/reports/301137" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0936.json b/2017/0xxx/CVE-2017-0936.json index 5a2cb05749b..5580fabc9da 100644 --- a/2017/0xxx/CVE-2017-0936.json +++ b/2017/0xxx/CVE-2017-0936.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-02-07T00:00:00", - "ID" : "CVE-2017-0936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server", - "version" : { - "version_data" : [ - { - "version_value" : "before 11.0.7 and 12.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "Nextcloud" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authorization Bypass Through User-Controlled Key (CWE-639)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-02-07T00:00:00", + "ID": "CVE-2017-0936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "before 11.0.7 and 12.0.5" + } + ] + } + } + ] + }, + "vendor_name": "Nextcloud" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/297751", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/297751" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001", - "refsource" : "CONFIRM", - "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authorization Bypass Through User-Controlled Key (CWE-639)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/297751", + "refsource": "MISC", + "url": "https://hackerone.com/reports/297751" + }, + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001", + "refsource": "CONFIRM", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000004.json b/2017/1000xxx/CVE-2017-1000004.json index 427c411aa56..4f736cdcb7b 100644 --- a/2017/1000xxx/CVE-2017-1000004.json +++ b/2017/1000xxx/CVE-2017-1000004.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000004", - "REQUESTER" : "mattd@bugfuzz.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ATutor", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "ATutor" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000004", + "REQUESTER": "mattd@bugfuzz.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55", - "refsource" : "CONFIRM", - "url" : "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55" - }, - { - "name" : "http://www.atutor.ca/atutor/mantis/view.php?id=5681", - "refsource" : "CONFIRM", - "url" : "http://www.atutor.ca/atutor/mantis/view.php?id=5681" - }, - { - "name" : "99599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99599" + }, + { + "name": "http://www.atutor.ca/atutor/mantis/view.php?id=5681", + "refsource": "CONFIRM", + "url": "http://www.atutor.ca/atutor/mantis/view.php?id=5681" + }, + { + "name": "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55", + "refsource": "CONFIRM", + "url": "http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000074.json b/2017/1000xxx/CVE-2017-1000074.json index 366903faa53..42943e8f3ac 100644 --- a/2017/1000xxx/CVE-2017-1000074.json +++ b/2017/1000xxx/CVE-2017-1000074.json 
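Review bot: Machine-readable product, version and weakness data are lost in CVE-2017-1000004.json: on the new side the `affects` block and `problemtype` carry only `n/a`, while the description still names ATutor 2.2.1 and SQL injection. Consumers that match on `affects` rather than on free text would stop associating this record with the product, so I would keep `"product_name": "ATutor"`, `"version_value": "2.2.1"` and `"value": "SQL Injection"` (and the matching `vendor_name`) unless the reset is intentional. The same reset appears in the CVE-2017-1000509.json hunk, where Dolibarr 6.0.2 and "Cross Site Scripting (XSS)" become `n/a`. Both hunks also change `ASSIGNER` from the distributedweaknessfiling.org address to `cve@mitre.org`, and the commit message gives no reason, so it is worth confirming that this is a deliberate reassignment and not a side effect of the sync.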
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/marcobambini/gravity/issues/131", - "refsource" : "CONFIRM", - "url" : "https://github.com/marcobambini/gravity/issues/131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/marcobambini/gravity/issues/131", + "refsource": "CONFIRM", + "url": "https://github.com/marcobambini/gravity/issues/131" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/1000xxx/CVE-2017-1000509.json b/2017/1000xxx/CVE-2017-1000509.json index cbe7be4615c..5bb01362b24 100644 --- a/2017/1000xxx/CVE-2017-1000509.json +++ b/2017/1000xxx/CVE-2017-1000509.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "12/29/2017 15:48:33", - "ID" : "CVE-2017-1000509", - "REQUESTER" : "sajeeb.lohani@bulletproof.sh", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dolibarr", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Dolibarr" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "12/29/2017 15:48:33", + "ID": "CVE-2017-1000509", + "REQUESTER": "sajeeb.lohani@bulletproof.sh", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Dolibarr/dolibarr/issues/7727", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/issues/7727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Dolibarr/dolibarr/issues/7727", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/issues/7727" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12629.json b/2017/12xxx/CVE-2017-12629.json index 8d7db3df8c1..b871f8cf9fd 100644 --- a/2017/12xxx/CVE-2017-12629.json +++ b/2017/12xxx/CVE-2017-12629.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-12629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Solr before 7.1 with Apache Lucene before 7.1", - "version" : { - "version_data" : [ - { - "version_value" : "Apache Solr before 7.1 with Apache Lucene before 7.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-12629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Solr before 7.1 with Apache Lucene before 7.1", + "version": { + "version_data": [ + { + "version_value": "Apache Solr before 7.1 with Apache Lucene before 7.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43009", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43009/" - }, - { - "name" : "[lucene-dev] 20171012 Re: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE)", - "refsource" : "MLIST", - "url" : "https://s.apache.org/FJDl" - }, - { - "name" : "[www-announce] 20171019 [SECURITY] CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE)", - "refsource" : "MLIST", - "url" : "http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E" - }, - { - "name" : "[debian-lts-announce] 20180121 [SECURITY] [DLA 1254-1] lucene-solr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html" - }, - { - "name" : "http://openwall.com/lists/oss-security/2017/10/13/1", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/10/13/1" - }, - { - "name" : "https://twitter.com/ApacheSolr/status/918731485611401216", - "refsource" : "MISC", - "url" : "https://twitter.com/ApacheSolr/status/918731485611401216" - }, - { - "name" : "https://twitter.com/joshbressers/status/919258716297420802", - "refsource" : "MISC", - "url" : "https://twitter.com/joshbressers/status/919258716297420802" - }, - { - 
"name" : "https://twitter.com/searchtools_avi/status/918904813613543424", - "refsource" : "MISC", - "url" : "https://twitter.com/searchtools_avi/status/918904813613543424" - }, - { - "name" : "DSA-4124", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4124" - }, - { - "name" : "RHSA-2017:3123", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3123" - }, - { - "name" : "RHSA-2017:3124", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3124" - }, - { - "name" : "RHSA-2017:3244", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3244" - }, - { - "name" : "RHSA-2017:3451", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3451" - }, - { - "name" : "RHSA-2017:3452", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3452" - }, - { - "name" : "RHSA-2018:0002", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0002" - }, - { - "name" : "RHSA-2018:0003", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0003" - }, - { - "name" : "RHSA-2018:0004", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0004" - }, - { - "name" : "RHSA-2018:0005", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0005" - }, - { - "name" : "101261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. 
Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3451", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3451" + }, + { + "name": "[lucene-dev] 20171012 Re: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE)", + "refsource": "MLIST", + "url": "https://s.apache.org/FJDl" + }, + { + "name": "RHSA-2018:0002", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0002" + }, + { + "name": "101261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101261" + }, + { + "name": "https://twitter.com/ApacheSolr/status/918731485611401216", + "refsource": "MISC", + "url": "https://twitter.com/ApacheSolr/status/918731485611401216" + }, + { + "name": "RHSA-2018:0004", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0004" + }, + { + "name": "RHSA-2017:3452", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3452" + }, + { + "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1254-1] lucene-solr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html" + }, + { + "name": "43009", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43009/" + }, + { + "name": 
"https://twitter.com/searchtools_avi/status/918904813613543424", + "refsource": "MISC", + "url": "https://twitter.com/searchtools_avi/status/918904813613543424" + }, + { + "name": "RHSA-2018:0003", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0003" + }, + { + "name": "RHSA-2017:3123", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3123" + }, + { + "name": "RHSA-2018:0005", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0005" + }, + { + "name": "RHSA-2017:3244", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3244" + }, + { + "name": "RHSA-2017:3124", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3124" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/10/13/1", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/10/13/1" + }, + { + "name": "[www-announce] 20171019 [SECURITY] CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE)", + "refsource": "MLIST", + "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E" + }, + { + "name": "DSA-4124", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4124" + }, + { + "name": "https://twitter.com/joshbressers/status/919258716297420802", + "refsource": "MISC", + "url": "https://twitter.com/joshbressers/status/919258716297420802" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12669.json b/2017/12xxx/CVE-2017-12669.json index 74df8c3a811..3da6c39eb30 100644 --- a/2017/12xxx/CVE-2017-12669.json +++ b/2017/12xxx/CVE-2017-12669.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/3d5ac8c20846871f1eb3068b65f93da7cd33bfd0", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/3d5ac8c20846871f1eb3068b65f93da7cd33bfd0" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/571", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/3d5ac8c20846871f1eb3068b65f93da7cd33bfd0", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/commit/3d5ac8c20846871f1eb3068b65f93da7cd33bfd0" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/571", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/571" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16087.json b/2017/16xxx/CVE-2017-16087.json index 0ed82f810b0..87c65f822c6 100644 --- a/2017/16xxx/CVE-2017-16087.json +++ b/2017/16xxx/CVE-2017-16087.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16087", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16087", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16288.json b/2017/16xxx/CVE-2017-16288.json index 70ced80a3ca..c31e340b9e2 100644 
--- a/2017/16xxx/CVE-2017-16288.json +++ b/2017/16xxx/CVE-2017-16288.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16288", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16288", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16364.json b/2017/16xxx/CVE-2017-16364.json index bb4abf1320a..7e754f0014b 100644 --- a/2017/16xxx/CVE-2017-16364.json +++ b/2017/16xxx/CVE-2017-16364.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted Pointer Dereference" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "101813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101813" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. 
The dereferencing operation is a read operation, and an attack can result in sensitive data exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "101813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101813" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16366.json b/2017/16xxx/CVE-2017-16366.json index da36d86bc1d..c37b6bee274 100644 --- a/2017/16xxx/CVE-2017-16366.json +++ b/2017/16xxx/CVE-2017-16366.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "101830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101830" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "101830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101830" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16374.json b/2017/16xxx/CVE-2017-16374.json index 8d7c823e429..d25474d0532 100644 --- a/2017/16xxx/CVE-2017-16374.json +++ b/2017/16xxx/CVE-2017-16374.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "101824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101824" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "101824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101824" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1488.json b/2017/1xxx/CVE-2017-1488.json index fbf4e517440..71cff7bd4db 100644 --- a/2017/1xxx/CVE-2017-1488.json +++ b/2017/1xxx/CVE-2017-1488.json 
@@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2017-1488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Engineering Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "5.0.x" - } - ] - } - }, - { - "product_name" : "Rational DOORS Next Generation", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "5.0.x" - } - ] - } - }, - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "5.0.x" - } - ] - } - }, - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "5.0.x" - } - ] - } - }, - { - "product_name" : "Rational Software Architect Design Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "5.0.x" - } - ] - } - }, - { - "product_name" : "Rational Team 
Concert", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "5.0.x" - } - ] - } - }, - { - "product_name" : "Rational Rhapsody Design Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "5.0.x" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "3.700", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2017-1488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Engineering Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "5.0.x" + } + ] + } + }, + { + "product_name": "Rational DOORS Next Generation", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "5.0.x" + } + ] + } + }, + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "5.0.x" + } + ] + } + }, + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + 
"version_value": "5.0.x" + } + ] + } + }, + { + "product_name": "Rational Software Architect Design Manager", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "5.0.x" + } + ] + } + }, + { + "product_name": "Rational Team Concert", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "5.0.x" + } + ] + } + }, + { + "product_name": "Rational Rhapsody Design Manager", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "5.0.x" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715709", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715709" - }, - { - "name" : "ibm-jazz-cve20171488-info-disc(128627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "L", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "3.700", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-jazz-cve20171488-info-disc(128627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128627" + }, + { + "name": "https://www-prd-trops.events.ibm.com/node/715709", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715709" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4051.json b/2017/4xxx/CVE-2017-4051.json index 27b5aa21c3e..d4fdf017eb0 100644 --- a/2017/4xxx/CVE-2017-4051.json +++ b/2017/4xxx/CVE-2017-4051.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4051", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-4051", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/4xxx/CVE-2017-4141.json b/2017/4xxx/CVE-2017-4141.json index 296e090b330..bf75b0995c8 100644 --- a/2017/4xxx/CVE-2017-4141.json +++ b/2017/4xxx/CVE-2017-4141.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4141", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4141", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4326.json b/2017/4xxx/CVE-2017-4326.json index a15695382ce..138a8842c33 100644 --- a/2017/4xxx/CVE-2017-4326.json +++ b/2017/4xxx/CVE-2017-4326.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4326", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4326", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4651.json b/2017/4xxx/CVE-2017-4651.json index 9acc8960ad5..95b0cba564c 100644 --- a/2017/4xxx/CVE-2017-4651.json +++ b/2017/4xxx/CVE-2017-4651.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4651", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4651", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4736.json b/2017/4xxx/CVE-2017-4736.json index 277c07b2e27..6422e051c5d 100644 --- a/2017/4xxx/CVE-2017-4736.json +++ b/2017/4xxx/CVE-2017-4736.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4736", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4736", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5148.json b/2018/5xxx/CVE-2018-5148.json index a6f1955fae3..f31a905fc31 100644 --- a/2018/5xxx/CVE-2018-5148.json +++ b/2018/5xxx/CVE-2018-5148.json 
@@ -1,114 +1,114 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.7.3" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "59.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free in compositor" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.7.3" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "59.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180327 [SECURITY] [DLA 1321-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00023.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1440717", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1440717" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-10/" - }, - { - "name" : "DSA-4153", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4153" - }, - { - "name" : "RHSA-2018:1098", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1098" - }, - { - "name" : "RHSA-2018:1099", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1099" - }, - { - "name" : "USN-3609-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3609-1/" - }, - { - "name" : "103506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103506" - }, - { - "name" : "1040574", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040574" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in compositor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:1098", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1098" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440717", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1440717" + }, + { + "name": "USN-3609-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3609-1/" + }, + { + "name": "DSA-4153", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4153" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-10/" + }, + { + "name": "1040574", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040574" + }, + { + "name": "[debian-lts-announce] 20180327 [SECURITY] [DLA 1321-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00023.html" + }, + { + "name": "103506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103506" + }, + { + "name": "RHSA-2018:1099", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1099" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5385.json b/2018/5xxx/CVE-2018-5385.json index 961725b7121..a302c5f31e4 100644 
--- a/2018/5xxx/CVE-2018-5385.json +++ b/2018/5xxx/CVE-2018-5385.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2018-5385", - "STATE" : "PUBLIC", - "TITLE" : "Navarino Infinity web interface up to version 2.2 is prone to session fixation attacks" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Infinity", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "2.2", - "version_value" : "2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Navarino" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some installations." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-384" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2018-5385", + "STATE": "PUBLIC", + "TITLE": "Navarino Infinity web interface up to version 2.2 is prone to session fixation attacks" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Infinity", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.2", + "version_value": "2.2" + } + ] + } + } + ] + }, + "vendor_name": "Navarino" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3", - "refsource" : "MISC", - "url" : "https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3" - }, - { - "name" : "https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html" - }, - { - "name" : "VU#184077", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/184077" - }, - { - "name" : "103544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103544" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some installations." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-384" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html" + }, + { + "name": "https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3", + "refsource": "MISC", + "url": "https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3" + }, + { + "name": "103544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103544" + }, + { + "name": "VU#184077", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/184077" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5475.json b/2018/5xxx/CVE-2018-5475.json index f92c3ce0b31..98172d6ca61 100644 --- a/2018/5xxx/CVE-2018-5475.json +++ b/2018/5xxx/CVE-2018-5475.json 
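Review bot: In the CVE-2018-5385 `version_data` entry the comparison operator is stored under `"affected": "<"`, whereas the CVE-2018-5148 record in this same patch uses `"version_affected": "<"`; a consumer that reads only `version_affected` would likely treat this entry as the single version 2.2. The TITLE also says "up to version 2.2", which reads as inclusive, while `<` excludes 2.2 itself. If 2.2 is affected (to be confirmed with the assigning CNA), the entry should read `"version_affected": "<=", "version_value": "2.2"`. The reformat carries the old key over unchanged, so this sync is a reasonable point to normalise it.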
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-5475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GE D60 Line Distance Relay", - "version" : { - "version_data" : [ - { - "version_value" : "GE D60 Line Distance Relay" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-5475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GE D60 Line Distance Relay", + "version": { + "version_data": [ + { + "version_value": "GE D60 Line Distance Relay" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02" - }, - { - "name" : "103054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. 
Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02" + }, + { + "name": "103054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103054" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5808.json b/2018/5xxx/CVE-2018-5808.json index b41f0847c97..753fa8d5f7b 100644 --- a/2018/5xxx/CVE-2018-5808.json +++ b/2018/5xxx/CVE-2018-5808.json 
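Review bot: The `affects` block of CVE-2018-5475 carries no usable version: `"version_value": "GE D60 Line Distance Relay"` repeats the product name and `vendor_name` is `"n/a"`, while the description gives the affected range as firmware Version 7.11 and prior. Tools that match assets against the structured fields rather than the prose cannot tell which firmware is vulnerable. Something like `"version_affected": "<=", "version_value": "7.11"` would express what the description says; the vendor name would need confirming with the CNA. The CVE-2018-5808 hunk that follows has the same shape, with `"version_value": "Prior to 0.18.9"` as free text and `vendor_name` set to `"n/a"`.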
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "ID" : "CVE-2018-5808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LibRaw", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 0.18.9" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An error within the \"find_green()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary code execution through stack-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2018-5808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibRaw", + "version": { + "version_data": [ + { + "version_value": "Prior to 0.18.9" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" - }, - { - "name" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/" - }, - { - "name" : "81800", 
- "refsource" : "SECUNIA", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/81800/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An error within the \"find_green()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary code execution through stack-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" + }, + { + "name": "81800", + "refsource": "SECUNIA", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/81800/" + }, + { + "name": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/" + } + ] + } +} \ No newline at end of file