From 632442292cf59d393d136aefa418b1204b2cc4b9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:12:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0157.json | 130 +++++----- 2001/0xxx/CVE-2001-0255.json | 140 +++++------ 2001/0xxx/CVE-2001-0731.json | 190 +++++++-------- 2001/1xxx/CVE-2001-1356.json | 140 +++++------ 2001/1xxx/CVE-2001-1371.json | 180 +++++++------- 2001/1xxx/CVE-2001-1565.json | 140 +++++------ 2006/2xxx/CVE-2006-2078.json | 200 ++++++++-------- 2006/2xxx/CVE-2006-2543.json | 170 ++++++------- 2006/6xxx/CVE-2006-6144.json | 330 +++++++++++++------------- 2006/6xxx/CVE-2006-6226.json | 150 ++++++------ 2008/5xxx/CVE-2008-5466.json | 34 +-- 2011/2xxx/CVE-2011-2395.json | 140 +++++------ 2011/2xxx/CVE-2011-2789.json | 160 ++++++------- 2011/3xxx/CVE-2011-3269.json | 34 +-- 2011/3xxx/CVE-2011-3345.json | 180 +++++++------- 2011/3xxx/CVE-2011-3958.json | 200 ++++++++-------- 2011/4xxx/CVE-2011-4146.json | 34 +-- 2011/4xxx/CVE-2011-4316.json | 160 ++++++------- 2011/4xxx/CVE-2011-4375.json | 34 +-- 2011/4xxx/CVE-2011-4773.json | 130 +++++----- 2011/4xxx/CVE-2011-4825.json | 160 ++++++------- 2013/0xxx/CVE-2013-0538.json | 140 +++++------ 2013/0xxx/CVE-2013-0791.json | 240 +++++++++---------- 2013/0xxx/CVE-2013-0804.json | 140 +++++------ 2013/5xxx/CVE-2013-5001.json | 120 +++++----- 2013/5xxx/CVE-2013-5006.json | 150 ++++++------ 2013/5xxx/CVE-2013-5014.json | 160 ++++++------- 2013/5xxx/CVE-2013-5295.json | 34 +-- 2014/2xxx/CVE-2014-2253.json | 130 +++++----- 2014/2xxx/CVE-2014-2321.json | 140 +++++------ 2014/2xxx/CVE-2014-2447.json | 120 +++++----- 2014/2xxx/CVE-2014-2535.json | 150 ++++++------ 2014/2xxx/CVE-2014-2576.json | 160 ++++++------- 2017/0xxx/CVE-2017-0613.json | 136 +++++------ 2017/0xxx/CVE-2017-0695.json | 132 +++++------ 2017/0xxx/CVE-2017-0697.json | 132 +++++------ 2017/0xxx/CVE-2017-0755.json | 174 +++++++------- 2017/0xxx/CVE-2017-0842.json | 162 ++++++------- 2017/1000xxx/CVE-2017-1000060.json | 124 +++++----- 2017/1000xxx/CVE-2017-1000161.json | 37 ++- 2017/12xxx/CVE-2017-12273.json | 140 +++++------ 2017/12xxx/CVE-2017-12999.json | 180 +++++++------- 2017/16xxx/CVE-2017-16025.json | 142 +++++------ 2017/16xxx/CVE-2017-16186.json | 132 +++++------ 2017/16xxx/CVE-2017-16505.json | 34 +-- 2017/16xxx/CVE-2017-16575.json | 130 +++++----- 2017/16xxx/CVE-2017-16618.json | 140 +++++------ 2017/4xxx/CVE-2017-4336.json | 34 +-- 2017/4xxx/CVE-2017-4441.json | 34 +-- 2017/4xxx/CVE-2017-4689.json | 34 +-- 2017/4xxx/CVE-2017-4886.json | 34 +-- 2018/5xxx/CVE-2018-5150.json | 368 ++++++++++++++--------------- 2018/5xxx/CVE-2018-5614.json | 34 +-- 2018/5xxx/CVE-2018-5830.json | 152 ++++++------ 54 files changed, 3601 insertions(+), 3604 deletions(-) diff --git a/2001/0xxx/CVE-2001-0157.json b/2001/0xxx/CVE-2001-0157.json index 458c61b65a0..4ca2195e962 100644 --- a/2001/0xxx/CVE-2001-0157.json +++ b/2001/0xxx/CVE-2001-0157.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A030101-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2001/a030101-1.txt" - }, - { - "name" : "palm-debug-bypass-password(6196)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "palm-debug-bypass-password(6196)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6196" + }, + { + "name": "A030101-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2001/a030101-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0255.json b/2001/0xxx/CVE-2001-0255.json index ee6a716e418..86941cbe1e7 100644 --- a/2001/0xxx/CVE-2001-0255.json +++ b/2001/0xxx/CVE-2001-0255.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the \"ls\" command and including the drive letter name (e.g. C:) in the requested pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010119 Multiple Vulnerabilities In FaSTream FTP++ (+ ICS Tftpserver DoS)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98021181215325&w=2" - }, - { - "name" : "2267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2267" - }, - { - "name" : "fastream-ftp-path-disclosure(5977)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the \"ls\" command and including the drive letter name (e.g. C:) in the requested pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fastream-ftp-path-disclosure(5977)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5977" + }, + { + "name": "20010119 Multiple Vulnerabilities In FaSTream FTP++ (+ ICS Tftpserver DoS)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98021181215325&w=2" + }, + { + "name": "2267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2267" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0731.json b/2001/0xxx/CVE-2001-0731.json index 52bf378ca20..7f708dc6c1f 100644 --- a/2001/0xxx/CVE-2001-0731.json +++ b/2001/0xxx/CVE-2001-0731.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the \"M=D\" query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010709 How Google indexed a file with no external link", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/20010709214744.A28765@brasscannon.net" - }, - { - "name" : "http://www.apacheweek.com/issues/01-10-05#security", - "refsource" : "CONFIRM", - "url" : "http://www.apacheweek.com/issues/01-10-05#security" - }, - { - "name" : "MDKSA-2001:077", - "refsource" : "MANDRAKE", - "url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:077" - }, - { - "name" : "RHSA-2001:126", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-126.html" - }, - { - "name" : "RHSA-2001:164", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-164.html" - }, - { - "name" : "3009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3009" - }, - { - "name" : "apache-multiviews-directory-listing(8275)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8275" - }, - { - "name" : "20020301-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020301-01-P" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the \"M=D\" query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2001:164", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-164.html" + }, + { + "name": "20020301-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20020301-01-P" + }, + { + "name": "http://www.apacheweek.com/issues/01-10-05#security", + "refsource": "CONFIRM", + "url": "http://www.apacheweek.com/issues/01-10-05#security" + }, + { + "name": "MDKSA-2001:077", + "refsource": "MANDRAKE", + "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:077" + }, + { + "name": "RHSA-2001:126", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-126.html" + }, + { + "name": "20010709 How Google indexed a file with no external link", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/20010709214744.A28765@brasscannon.net" + }, + { + "name": "apache-multiviews-directory-listing(8275)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8275" + }, + { + "name": "3009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3009" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1356.json b/2001/1xxx/CVE-2001-1356.json index 8b511553159..0fedd2bd7e9 100644 --- a/2001/1xxx/CVE-2001-1356.json +++ b/2001/1xxx/CVE-2001-1356.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010804 SurgeFTP admin account bruteforcable", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/201951" - }, - { - "name" : "surgeftp-weak-password-encryption(6961)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6961.php" - }, - { - "name" : "3157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "surgeftp-weak-password-encryption(6961)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6961.php" + }, + { + "name": "20010804 SurgeFTP admin account bruteforcable", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/201951" + }, + { + "name": "3157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3157" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1371.json b/2001/1xxx/CVE-2001-1371.json index 533cbe11162..f32c7498c8b 100644 --- a/2001/1xxx/CVE-2001-1371.json +++ b/2001/1xxx/CVE-2001-1371.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020206 Hackproofing Oracle Application Server paper", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101301813117562&w=2" - }, - { - "name" : "http://www.nextgenss.com/papers/hpoas.pdf", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/papers/hpoas.pdf" - }, - { - "name" : "VU#736923", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/736923" - }, - { - "name" : "CA-2002-08", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-08.html" - }, - { - "name" : "http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf", - "refsource" : "CONFIRM", - "url" : "http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf" - }, - { - "name" : "4289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4289" - }, - { - "name" : "oracle-appserver-soap-components(8449)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8449.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020206 Hackproofing Oracle Application Server paper", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101301813117562&w=2" + }, + { + "name": "CA-2002-08", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-08.html" + }, + { + "name": "http://www.nextgenss.com/papers/hpoas.pdf", + "refsource": "MISC", + "url": "http://www.nextgenss.com/papers/hpoas.pdf" + }, + { + "name": "VU#736923", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/736923" + }, + { + "name": "4289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4289" + }, + { + "name": "http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf", + "refsource": "CONFIRM", + "url": "http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf" + }, + { + "name": "oracle-appserver-soap-components(8449)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8449.php" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1565.json b/2001/1xxx/CVE-2001-1565.json index 860ef2046bf..95f26b0bdda 100644 --- a/2001/1xxx/CVE-2001-1565.json +++ b/2001/1xxx/CVE-2001-1565.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Macsec] 20011229 MacOSX ppp", - "refsource" : "MLIST", - "url" : "http://www.macsecurity.org/pipermail/macsec/2001-December/000299.html" - }, - { - "name" : "3753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3753" - }, - { - "name" : "macos-ppp-auth-disclosure(7750)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7750.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3753" + }, + { + "name": "[Macsec] 20011229 MacOSX ppp", + "refsource": "MLIST", + "url": "http://www.macsecurity.org/pipermail/macsec/2001-December/000299.html" + }, + { + "name": "macos-ppp-auth-disclosure(7750)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7750.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2078.json b/2006/2xxx/CVE-2006-2078.json index 0e727ce15a9..e90e0ae192b 100644 --- a/2006/2xxx/CVE-2006-2078.json +++ b/2006/2xxx/CVE-2006-2078.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120, F1000, and E20/E30, allow remote attackers to cause a denial of service via crafted DNS messages that trigger errors in (1) ProxyDNS or (2) PKI-Resolver, as demonstrated by the OUSPG PROTOS DNS test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en" - }, - { - "name" : "http://www.furukawa.co.jp/fitelnet/topic/dns2_attacks.html", - "refsource" : "CONFIRM", - "url" : "http://www.furukawa.co.jp/fitelnet/topic/dns2_attacks.html" - }, - { - "name" : "VU#955777", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/955777" - }, - { - "name" : "17710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17710" - }, - { - "name" : "ADV-2006-1505", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1505" - }, - { - "name" : "ADV-2006-1536", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1536" - }, - { - "name" : "19820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19820" - }, - { - "name" : "dns-improper-request-handling(26081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120, F1000, and E20/E30, allow remote attackers to cause a denial of service via crafted DNS messages that trigger errors in (1) ProxyDNS or (2) PKI-Resolver, as demonstrated by the OUSPG PROTOS DNS test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dns-improper-request-handling(26081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081" + }, + { + "name": "19820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19820" + }, + { + "name": "VU#955777", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/955777" + }, + { + "name": "ADV-2006-1536", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1536" + }, + { + "name": "17710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17710" + }, + { + "name": "ADV-2006-1505", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1505" + }, + { + "name": "http://www.furukawa.co.jp/fitelnet/topic/dns2_attacks.html", + "refsource": "CONFIRM", + "url": "http://www.furukawa.co.jp/fitelnet/topic/dns2_attacks.html" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2543.json b/2006/2xxx/CVE-2006-2543.json index 0df66a1054c..14192b80f14 100644 --- a/2006/2xxx/CVE-2006-2543.json +++ b/2006/2xxx/CVE-2006-2543.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060519 Xtremescripts Topsites v1.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434568/100/0/threaded" - }, - { - "name" : "18055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18055" - }, - { - "name" : "ADV-2006-1899", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1899" - }, - { - "name" : "25705", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25705" - }, - { - "name" : "20192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20192" - }, - { - "name" : "945", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18055" + }, + { + "name": "25705", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25705" + }, + { + "name": "945", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/945" + }, + { + "name": "20060519 Xtremescripts Topsites v1.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434568/100/0/threaded" + }, + { + "name": "ADV-2006-1899", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1899" + }, + { + "name": "20192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20192" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6144.json b/2006/6xxx/CVE-2006-6144.json index 77076683433..cd776971bcc 100644 --- a/2006/6xxx/CVE-2006-6144.json +++ b/2006/6xxx/CVE-2006-6144.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"mechglue\" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070109 MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456409/100/0/threaded" - }, - { - "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-925", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-925" - }, - { - "name" : "FEDORA-2007-033", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2375" - }, - { - "name" : "GLSA-200701-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-21.xml" - }, - { - "name" : "OpenPKG-SA-2007.006", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html" - }, - { - "name" : "102772", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1" - }, - { - "name" : "201294", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201294-1" - }, - { - "name" : "SUSE-SA:2007:004", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html" - }, - { - "name" : "TA07-009B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-009B.html" - }, - { - "name" : "VU#831452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/831452" - }, - { - "name" : "21975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21975" - }, - { - "name" : "35151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35151" - }, - { - "name" : "ADV-2007-0111", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0111" - }, - { - "name" : "ADV-2007-0112", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0112" - }, - { - "name" : "31280", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31280" - }, - { - "name" : "1017494", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017494" - }, - { - "name" : "23690", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23690" - }, - { - "name" : "23701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23701" - }, - { - "name" : "23706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23706" - }, - { - "name" : "23903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23903" - }, - { - "name" : "kerberos-gssapi-code-execution(31417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"mechglue\" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kerberos-gssapi-code-execution(31417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31417" + }, + { + "name": "102772", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1" + }, + { + "name": "201294", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201294-1" + }, + { + "name": "TA07-009B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-009B.html" + }, + { + "name": "23690", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23690" + }, + { + "name": "SUSE-SA:2007:004", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html" + }, + { + "name": "1017494", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017494" + }, + { + "name": "23706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23706" + }, + { + "name": "20070109 MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456409/100/0/threaded" + }, + { + "name": "23903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23903" + }, + { + "name": "GLSA-200701-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-21.xml" + }, + { + "name": "OpenPKG-SA-2007.006", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html" + }, + { + "name": "FEDORA-2007-033", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2375" + }, + { + "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt" + }, + { + "name": "https://issues.rpath.com/browse/RPL-925", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-925" + }, + { + "name": "ADV-2007-0112", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0112" + }, + { + "name": "31280", + "refsource": "OSVDB", + "url": "http://osvdb.org/31280" + }, + { + "name": "35151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35151" + }, + { + "name": "21975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21975" + }, + { + "name": "ADV-2007-0111", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0111" + }, + { + "name": "VU#831452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/831452" + }, + { + "name": "23701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23701" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6226.json b/2006/6xxx/CVE-2006-6226.json index 3abee96ca11..abba3f39c07 100644 --- a/2006/6xxx/CVE-2006-6226.json +++ b/2006/6xxx/CVE-2006-6226.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/neoenginex-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/neoenginex-adv.txt" - }, - { - "name" : "http://www.securiteam.com/securitynews/5MP0N2AIUC.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5MP0N2AIUC.html" - }, - { - "name" : "18696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18696" - }, - { - "name" : "27926", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/neoenginex-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/neoenginex-adv.txt" + }, + { + "name": "18696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18696" + }, + { + "name": "27926", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27926" + }, + { + "name": "http://www.securiteam.com/securitynews/5MP0N2AIUC.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5MP0N2AIUC.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5466.json b/2008/5xxx/CVE-2008-5466.json index 5574c5740fc..0122f317a9c 100644 --- a/2008/5xxx/CVE-2008-5466.json +++ b/2008/5xxx/CVE-2008-5466.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5466", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-5466", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2395.json b/2011/2xxx/CVE-2011-2395.json index 46a70b6e608..c17f222ce6d 100644 --- a/2011/2xxx/CVE-2011-2395.json +++ b/2011/2xxx/CVE-2011-2395.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110523 Bypassing Cisco's ICMPv6 Router Advertisement Guard feature", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/May/446" - }, - { - "name" : "8271", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8271" - }, - { - "name" : "ciscoios-nd-security-bypass(67940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110523 Bypassing Cisco's ICMPv6 Router Advertisement Guard feature", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/May/446" + }, + { + "name": "8271", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8271" + }, + { + "name": "ciscoios-nd-security-bypass(67940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67940" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2789.json b/2011/2xxx/CVE-2011-2789.json index 48ec67c76ec..43c1171337c 100644 --- a/2011/2xxx/CVE-2011-2789.json +++ b/2011/2xxx/CVE-2011-2789.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=85808", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=85808" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" - }, - { - "name" : "74239", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74239" - }, - { - "name" : "oval:org.mitre.oval:def:14751", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14751" - }, - { - "name" : "google-chrome-pepper-ce(68951)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=85808", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=85808" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" + }, + { + "name": "74239", + "refsource": "OSVDB", + "url": "http://osvdb.org/74239" + }, + { + "name": "google-chrome-pepper-ce(68951)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68951" + }, + { + "name": "oval:org.mitre.oval:def:14751", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14751" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3269.json b/2011/3xxx/CVE-2011-3269.json index b8b6f84d94f..4252265b467 100644 --- a/2011/3xxx/CVE-2011-3269.json +++ b/2011/3xxx/CVE-2011-3269.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3269", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3269", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3345.json b/2011/3xxx/CVE-2011-3345.json index 04c7e0aee85..93ec015104b 100644 --- a/2011/3xxx/CVE-2011-3345.json +++ b/2011/3xxx/CVE-2011-3345.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110906 CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/06/3" - }, - { - "name" : "[oss-security] 20110907 Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/07/1" - }, - { - "name" : "[oss-security] 20110907 Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/07/3" - }, - { - "name" : "http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git;a=commit;h=04bb801a31825d1559c4670253e1bea1291a1af8", - "refsource" : "CONFIRM", - "url" : "http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git;a=commit;h=04bb801a31825d1559c4670253e1bea1291a1af8" - }, - { - "name" : "49486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49486" - }, - { - "name" : "45861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45861" - }, - { - "name" : "ofed-sdpstats-dos(69631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45861" + }, + { + "name": "[oss-security] 20110907 Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/07/1" + }, + { + "name": "[oss-security] 20110907 Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/07/3" + }, + { + "name": "49486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49486" + }, + { + "name": "ofed-sdpstats-dos(69631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69631" + }, + { + "name": "http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git;a=commit;h=04bb801a31825d1559c4670253e1bea1291a1af8", + "refsource": "CONFIRM", + "url": "http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git;a=commit;h=04bb801a31825d1559c4670253e1bea1291a1af8" + }, + { + "name": "[oss-security] 20110906 CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/06/3" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3958.json b/2011/3xxx/CVE-2011-3958.json index 6bbbf1bd669..aa0d4d89ee8 100644 --- a/2011/3xxx/CVE-2011-3958.json +++ b/2011/3xxx/CVE-2011-3958.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=105459", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=105459" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:14948", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "oval:org.mitre.oval:def:14948", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14948" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=105459", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=105459" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4146.json b/2011/4xxx/CVE-2011-4146.json index 8239c815cb4..35476b4d52f 100644 --- a/2011/4xxx/CVE-2011-4146.json +++ b/2011/4xxx/CVE-2011-4146.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4146", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4146", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4316.json b/2011/4xxx/CVE-2011-4316.json index ef51e909c3e..24ed94ffc07 100644 --- a/2011/4xxx/CVE-2011-4316.json +++ b/2011/4xxx/CVE-2011-4316.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=754876", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=754876" - }, - { - "name" : "RHSA-2012:1506", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1506.html" - }, - { - "name" : "RHSA-2012:1508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1508.html" - }, - { - "name" : "56825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56825" - }, - { - "name" : "1027838", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1508.html" + }, + { + "name": "56825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56825" + }, + { + "name": "RHSA-2012:1506", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1506.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=754876", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=754876" + }, + { + "name": "1027838", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027838" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4375.json b/2011/4xxx/CVE-2011-4375.json index 0e632aecec1..9e372be6bdb 100644 --- a/2011/4xxx/CVE-2011-4375.json +++ b/2011/4xxx/CVE-2011-4375.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4375", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4375", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4773.json b/2011/4xxx/CVE-2011-4773.json index e60e332b293..a8edd3720e1 100644 --- a/2011/4xxx/CVE-2011-4773.json +++ b/2011/4xxx/CVE-2011-4773.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4774-vulnerability-in-AnGuanJia.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4774-vulnerability-in-AnGuanJia.html" - }, - { - "name" : "48433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4774-vulnerability-in-AnGuanJia.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4774-vulnerability-in-AnGuanJia.html" + }, + { + "name": "48433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48433" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4825.json b/2011/4xxx/CVE-2011-4825.json index 859a4103e8b..71bdc5d88b1 100644 --- a/2011/4xxx/CVE-2011-4825.json +++ b/2011/4xxx/CVE-2011-4825.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18075", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18075" - }, - { - "name" : "http://www.phpletter.com/en/DOWNLOAD/1/", - "refsource" : "CONFIRM", - "url" : "http://www.phpletter.com/en/DOWNLOAD/1/" - }, - { - "name" : "http://www.phpmyfaq.de/advisory_2011-10-25.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyfaq.de/advisory_2011-10-25.php" - }, - { - "name" : "http://www.zenphoto.org/trac/ticket/2005", - "refsource" : "CONFIRM", - "url" : "http://www.zenphoto.org/trac/ticket/2005" - }, - { - "name" : "50523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zenphoto.org/trac/ticket/2005", + "refsource": "CONFIRM", + "url": "http://www.zenphoto.org/trac/ticket/2005" + }, + { + "name": "http://www.phpmyfaq.de/advisory_2011-10-25.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyfaq.de/advisory_2011-10-25.php" + }, + { + "name": "http://www.phpletter.com/en/DOWNLOAD/1/", + "refsource": "CONFIRM", + "url": "http://www.phpletter.com/en/DOWNLOAD/1/" + }, + { + "name": "50523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50523" + }, + { + "name": "18075", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18075" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0538.json b/2013/0xxx/CVE-2013-0538.json index de29e8085be..a292c407dfc 100644 --- a/2013/0xxx/CVE-2013-0538.json +++ b/2013/0xxx/CVE-2013-0538.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21633819", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21633819" - }, - { - "name" : "VU#912420", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/912420" - }, - { - "name" : "ibm-notes-javascript-tags(83270)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-notes-javascript-tags(83270)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83270" + }, + { + "name": "VU#912420", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/912420" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21633819", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633819" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0791.json b/2013/0xxx/CVE-2013-0791.json index 7d5a0b2c7e0..482c3d879ae 100644 --- a/2013/0xxx/CVE-2013-0791.json +++ b/2013/0xxx/CVE-2013-0791.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=629816", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=629816" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" - }, - { - "name" : "RHSA-2013:1135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1135.html" - }, - { - "name" : "RHSA-2013:1144", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1144.html" - }, - { - "name" : "openSUSE-SU-2013:0630", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html" - }, - { - "name" : "SUSE-SU-2013:0645", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" - }, - { - "name" : "openSUSE-SU-2013:0631", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html" - }, - { - "name" : "SUSE-SU-2013:0850", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html" - }, - { - "name" : "USN-1791-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1791-1" - }, - { - "name" : "58826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58826" - }, - { - "name" : "oval:org.mitre.oval:def:17150", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "SUSE-SU-2013:0850", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html" + }, + { + "name": "USN-1791-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1791-1" + }, + { + "name": "oval:org.mitre.oval:def:17150", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150" + }, + { + "name": "openSUSE-SU-2013:0630", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html" + }, + { + "name": "RHSA-2013:1135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html" + }, + { + "name": "58826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58826" + }, + { + "name": "RHSA-2013:1144", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" + }, + { + "name": "openSUSE-SU-2013:0631", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816" + }, + { + "name": "SUSE-SU-2013:0645", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0804.json b/2013/0xxx/CVE-2013-0804.json index 36cca7cc45c..bf3ab96191b 100644 --- a/2013/0xxx/CVE-2013-0804.json +++ b/2013/0xxx/CVE-2013-0804.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23131", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23131" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7011687", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7011687" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=792535", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=792535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/kb/doc.php?id=7011687", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7011687" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23131", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23131" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=792535", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=792535" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5001.json b/2013/5xxx/CVE-2013-5001.json index 94730657d69..17041236f44 100644 --- a/2013/5xxx/CVE-2013-5001.json +++ b/2013/5xxx/CVE-2013-5001.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5006.json b/2013/5xxx/CVE-2013-5006.json index dd37d05920d..704edd20f16 100644 --- a/2013/5xxx/CVE-2013-5006.json +++ b/2013/5xxx/CVE-2013-5006.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the \"var pass=\" line within the HTML source code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130718 Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-07/0133.html" - }, - { - "name" : "20130722 Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-07/0146.html" - }, - { - "name" : "95519", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/95519" - }, - { - "name" : "my-net-info-disc(85903)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the \"var pass=\" line within the HTML source code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130722 Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0146.html" + }, + { + "name": "my-net-info-disc(85903)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85903" + }, + { + "name": "95519", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/95519" + }, + { + "name": "20130718 Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0133.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5014.json b/2013/5xxx/CVE-2013-5014.json index 32bcd07b7d9..ba0cb7c702d 100644 --- a/2013/5xxx/CVE-2013-5014.json +++ b/2013/5xxx/CVE-2013-5014.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-5014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "31853", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/31853" - }, - { - "name" : "31917", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/31917" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00" - }, - { - "name" : "65466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt" + }, + { + "name": "31853", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/31853" + }, + { + "name": "31917", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/31917" + }, + { + "name": "65466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65466" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5295.json b/2013/5xxx/CVE-2013-5295.json index 23ee1e26b79..c9791ee5deb 100644 --- a/2013/5xxx/CVE-2013-5295.json +++ b/2013/5xxx/CVE-2013-5295.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5295", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5295", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2253.json b/2014/2xxx/CVE-2014-2253.json index dedda7a69f1..5f0d869d2ff 100644 --- a/2014/2xxx/CVE-2014-2253.json +++ b/2014/2xxx/CVE-2014-2253.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" - }, - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2321.json b/2014/2xxx/CVE-2014-2321.json index 2064a74159a..9f0f18f2450 100644 --- a/2014/2xxx/CVE-2014-2321.json +++ b/2014/2xxx/CVE-2014-2321.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.myxzy.com/post-411.html", - "refsource" : "MISC", - "url" : "http://www.myxzy.com/post-411.html" - }, - { - "name" : "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor" - }, - { - "name" : "VU#600724", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/600724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.myxzy.com/post-411.html", + "refsource": "MISC", + "url": "http://www.myxzy.com/post-411.html" + }, + { + "name": "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor" + }, + { + "name": "VU#600724", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/600724" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2447.json b/2014/2xxx/CVE-2014-2447.json index 03808556b3a..aee001fd7a3 100644 --- a/2014/2xxx/CVE-2014-2447.json +++ b/2014/2xxx/CVE-2014-2447.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker, a different vulnerability than CVE-2014-2437." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker, a different vulnerability than CVE-2014-2437." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2535.json b/2014/2xxx/CVE-2014-2535.json index e7b16fe3084..11a7704ccb2 100644 --- a/2014/2xxx/CVE-2014-2535.json +++ b/2014/2xxx/CVE-2014-2535.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10063", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10063" - }, - { - "name" : "66193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66193" - }, - { - "name" : "56958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56958" - }, - { - "name" : "mcafee-gateway-filtering-dir-traversal(91772)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56958" + }, + { + "name": "66193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66193" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10063", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10063" + }, + { + "name": "mcafee-gateway-filtering-dir-traversal(91772)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91772" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2576.json b/2014/2xxx/CVE-2014-2576.json index 48f166fd2ec..472d200880c 100644 --- a/2014/2xxx/CVE-2014-2576.json +++ b/2014/2xxx/CVE-2014-2576.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[claws-mail] 20140526 Claws Mail 3.10.0 Unleashed!!!", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/p/claws-mail/news/2014/05/claws-mail-3100-unleashed/" - }, - { - "name" : "[oss-security] 20140322 Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/636" - }, - { - "name" : "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106", - "refsource" : "CONFIRM", - "url" : "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106" - }, - { - "name" : "openSUSE-SU-2014:1291", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html" - }, - { - "name" : "60422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60422" + }, + { + "name": "openSUSE-SU-2014:1291", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html" + }, + { + "name": "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106", + "refsource": "CONFIRM", + "url": "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106" + }, + { + "name": "[oss-security] 20140322 Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/636" + }, + { + "name": "[claws-mail] 20140526 Claws Mail 3.10.0 Unleashed!!!", + "refsource": "MLIST", + "url": "http://sourceforge.net/p/claws-mail/news/2014/05/claws-mail-3100-unleashed/" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0613.json b/2017/0xxx/CVE-2017-0613.json index 55c6b24f121..3776ef69a78 100644 --- a/2017/0xxx/CVE-2017-0613.json +++ b/2017/0xxx/CVE-2017-0613.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98186" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0695.json b/2017/0xxx/CVE-2017-0695.json index d89273a9e99..e230911ed1a 100644 --- a/2017/0xxx/CVE-2017-0695.json +++ b/2017/0xxx/CVE-2017-0695.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99478" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0697.json b/2017/0xxx/CVE-2017-0697.json index 98a804bb393..cf99945c9c1 100644 --- a/2017/0xxx/CVE-2017-0697.json +++ b/2017/0xxx/CVE-2017-0697.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99478" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0755.json b/2017/0xxx/CVE-2017-0755.json index d7b49261096..f31c9522482 100644 --- a/2017/0xxx/CVE-2017-0755.json +++ b/2017/0xxx/CVE-2017-0755.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100650" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0842.json b/2017/0xxx/CVE-2017-0842.json index e58f71843e3..b50f8e03937 100644 --- a/2017/0xxx/CVE-2017-0842.json +++ b/2017/0xxx/CVE-2017-0842.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-11-01" - }, - { - "name" : "101718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-11-01" + }, + { + "name": "101718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101718" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000060.json b/2017/1000xxx/CVE-2017-1000060.json index 5629f2c1ddf..db338852c78 100644 --- a/2017/1000xxx/CVE-2017-1000060.json +++ b/2017/1000xxx/CVE-2017-1000060.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.311365", - "ID" : "CVE-2017-1000060", - "REQUESTER" : "rioru@seraphicsquad.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EyesOfNetwork (\"EON\")", - "version" : { - "version_data" : [ - { - "version_value" : "5.1 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Axians" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.311365", + "ID": "CVE-2017-1000060", + "REQUESTER": "rioru@seraphicsquad.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://rioru.github.io/pentest/web/2017/03/28/from-unauthenticated-to-root-supervision.html", - "refsource" : "MISC", - "url" : "https://rioru.github.io/pentest/web/2017/03/28/from-unauthenticated-to-root-supervision.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://rioru.github.io/pentest/web/2017/03/28/from-unauthenticated-to-root-supervision.html", + "refsource": "MISC", + "url": "https://rioru.github.io/pentest/web/2017/03/28/from-unauthenticated-to-root-supervision.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000161.json b/2017/1000xxx/CVE-2017-1000161.json index 73c11808d61..9556871c029 100644 --- a/2017/1000xxx/CVE-2017-1000161.json +++ b/2017/1000xxx/CVE-2017-1000161.json @@ -1,21 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.373315", - "ID" : "CVE-2017-1000161", - "REQUESTER" : "spotturu@andrew.cmu.edu", - "STATE" : "REJECT", - "STATE_DETAIL" : "BAD_REF_URL" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1000161", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12273.json b/2017/12xxx/CVE-2017-12273.json index 5b87c650441..aaa2a4944d9 100644 --- a/2017/12xxx/CVE-2017-12273.json +++ b/2017/12xxx/CVE-2017-12273.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this vulnerability by sending a malformed 802.11 association request to the targeted device. An exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve12189." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms", + "version": { + "version_data": [ + { + "version_value": "Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1" - }, - { - "name" : "101655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101655" - }, - { - "name" : "1039714", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this vulnerability by sending a malformed 802.11 association request to the targeted device. An exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve12189." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1" + }, + { + "name": "101655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101655" + }, + { + "name": "1039714", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039714" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12999.json b/2017/12xxx/CVE-2017-12999.json index 0301501025b..30cf08bdcfb 100644 --- a/2017/12xxx/CVE-2017-12999.json +++ b/2017/12xxx/CVE-2017-12999.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/3b32029db354cbc875127869d9b12a9addc75b50", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/3b32029db354cbc875127869d9b12a9addc75b50" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/3b32029db354cbc875127869d9b12a9addc75b50", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/3b32029db354cbc875127869d9b12a9addc75b50" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16025.json b/2017/16xxx/CVE-2017-16025.json index 12d1b603fc3..f18c68a3427 100644 --- a/2017/16xxx/CVE-2017-16025.json +++ b/2017/16xxx/CVE-2017-16025.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nes node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=6.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to `cookie`. Submitting an invalid cookie on the websocket upgrade request will cause the node process to error out." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nes node module", + "version": { + "version_data": [ + { + "version_value": "<=6.4.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hapijs/nes/commit/249ba1755ed6977fbc208463c87364bf884ad655", - "refsource" : "MISC", - "url" : "https://github.com/hapijs/nes/commit/249ba1755ed6977fbc208463c87364bf884ad655" - }, - { - "name" : "https://github.com/hapijs/nes/issues/171", - "refsource" : "MISC", - "url" : "https://github.com/hapijs/nes/issues/171" - }, - { - "name" : "https://nodesecurity.io/advisories/331", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to `cookie`. Submitting an invalid cookie on the websocket upgrade request will cause the node process to error out." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/331", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/331" + }, + { + "name": "https://github.com/hapijs/nes/issues/171", + "refsource": "MISC", + "url": "https://github.com/hapijs/nes/issues/171" + }, + { + "name": "https://github.com/hapijs/nes/commit/249ba1755ed6977fbc208463c87364bf884ad655", + "refsource": "MISC", + "url": "https://github.com/hapijs/nes/commit/249ba1755ed6977fbc208463c87364bf884ad655" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16186.json b/2017/16xxx/CVE-2017-16186.json index eb824a1ed1b..e47c62d142c 100644 --- a/2017/16xxx/CVE-2017-16186.json +++ b/2017/16xxx/CVE-2017-16186.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "360class.jansenhm node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "360class.jansenhm node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/360class.jansenhm", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/360class.jansenhm" - }, - { - "name" : "https://nodesecurity.io/advisories/448", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/360class.jansenhm", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/360class.jansenhm" + }, + { + "name": "https://nodesecurity.io/advisories/448", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/448" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16505.json b/2017/16xxx/CVE-2017-16505.json index dfdda40301e..7483fbea65f 100644 --- a/2017/16xxx/CVE-2017-16505.json +++ b/2017/16xxx/CVE-2017-16505.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16505", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16505", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16575.json b/2017/16xxx/CVE-2017-16575.json index c238053fa21..6fc585dfafc 100644 --- a/2017/16xxx/CVE-2017-16575.json +++ b/2017/16xxx/CVE-2017-16575.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA's bind element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5091." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-886", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-886" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA's bind element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5091." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-886", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-886" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16618.json b/2017/16xxx/CVE-2017-16618.json index c8e63e60543..d9c6c1b73d3 100644 --- a/2017/16xxx/CVE-2017-16618.json +++ b/2017/16xxx/CVE-2017-16618.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A \"Load YAML\" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16618-convert-through-owlmixin/", - "refsource" : "MISC", - "url" : "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16618-convert-through-owlmixin/" - }, - { - "name" : "https://github.com/tadashi-aikawa/owlmixin/commit/5d0575303f6df869a515ced4285f24ba721e0d4e", - "refsource" : "CONFIRM", - "url" : "https://github.com/tadashi-aikawa/owlmixin/commit/5d0575303f6df869a515ced4285f24ba721e0d4e" - }, - { - "name" : "https://github.com/tadashi-aikawa/owlmixin/issues/12", - "refsource" : "CONFIRM", - "url" : "https://github.com/tadashi-aikawa/owlmixin/issues/12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A \"Load YAML\" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tadashi-aikawa/owlmixin/commit/5d0575303f6df869a515ced4285f24ba721e0d4e", + "refsource": "CONFIRM", + "url": "https://github.com/tadashi-aikawa/owlmixin/commit/5d0575303f6df869a515ced4285f24ba721e0d4e" + }, + { + "name": "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16618-convert-through-owlmixin/", + "refsource": "MISC", + "url": "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16618-convert-through-owlmixin/" + }, + { + "name": "https://github.com/tadashi-aikawa/owlmixin/issues/12", + "refsource": "CONFIRM", + "url": "https://github.com/tadashi-aikawa/owlmixin/issues/12" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4336.json b/2017/4xxx/CVE-2017-4336.json index 8fe80383f45..f47e5957bc6 100644 --- a/2017/4xxx/CVE-2017-4336.json +++ b/2017/4xxx/CVE-2017-4336.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4336", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4336", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4441.json b/2017/4xxx/CVE-2017-4441.json index 848e7167f9b..adb987c2eeb 100644 --- a/2017/4xxx/CVE-2017-4441.json +++ b/2017/4xxx/CVE-2017-4441.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4441", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4441", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4689.json b/2017/4xxx/CVE-2017-4689.json index 204bdc065f9..5016731190c 100644 --- a/2017/4xxx/CVE-2017-4689.json +++ b/2017/4xxx/CVE-2017-4689.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4689", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4689", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4886.json b/2017/4xxx/CVE-2017-4886.json index dfb6ce43c29..d8672cab3a6 100644 --- a/2017/4xxx/CVE-2017-4886.json +++ b/2017/4xxx/CVE-2017-4886.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4886", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4886", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5150.json b/2018/5xxx/CVE-2018-5150.json index 3716bd7a9a2..ba567eee257 100644 --- a/2018/5xxx/CVE-2018-5150.json +++ b/2018/5xxx/CVE-2018-5150.json @@ -1,186 +1,186 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.8" - } - ] - } - }, - { - "product_name" : "Thunderbird ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.8" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.8" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.8" + } + ] + } + }, + { + "product_name": "Thunderbird ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.8" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.8" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180511 [SECURITY] [DLA 1376-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html" - }, - { - "name" : "[debian-lts-announce] 20180525 [SECURITY] [DLA 1382-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html" - }, - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-11/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-12/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-13/" - }, - { - "name" : "DSA-4199", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4199" - }, - { - "name" : "DSA-4209", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4209" - }, - { - "name" : "GLSA-201810-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-01" - }, - { - "name" : "GLSA-201811-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-13" - }, - { - "name" : "RHSA-2018:1414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1414" - }, - { - "name" : "RHSA-2018:1415", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1415" - }, - { - "name" : "RHSA-2018:1725", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1725" - }, - { - "name" : "RHSA-2018:1726", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1726" - }, - { - "name" : "USN-3645-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3645-1/" - }, - { - "name" : "USN-3660-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3660-1/" - }, - { - "name" : "USN-3688-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3688-1/" - }, - { - "name" : "104136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104136" - }, - { - "name" : "1040896", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:1415", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1415" + }, + { + "name": "GLSA-201810-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-01" + }, + { + "name": "RHSA-2018:1726", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1726" + }, + { + "name": "RHSA-2018:1414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1414" + }, + { + "name": "GLSA-201811-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-13" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-13/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-11/" + }, + { + "name": "USN-3660-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3660-1/" + }, + { + "name": "1040896", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040896" + }, + { + "name": "DSA-4199", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4199" + }, + { + "name": "USN-3645-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3645-1/" + }, + { + "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1382-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html" + }, + { + "name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1376-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html" + }, + { + "name": "RHSA-2018:1725", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1725" + }, + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129" + }, + { + "name": "USN-3688-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3688-1/" + }, + { + "name": "DSA-4209", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4209" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-12/" + }, + { + "name": "104136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104136" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5614.json b/2018/5xxx/CVE-2018-5614.json index 158a00999d3..f4e06d34750 100644 --- a/2018/5xxx/CVE-2018-5614.json +++ b/2018/5xxx/CVE-2018-5614.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5614", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5614", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5830.json b/2018/5xxx/CVE-2018-5830.json index 73d98fba990..c030b756a04 100644 --- a/2018/5xxx/CVE-2018-5830.json +++ b/2018/5xxx/CVE-2018-5830.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-06-05T00:00:00", - "ID" : "CVE-2018-5830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-06-05T00:00:00", + "ID": "CVE-2018-5830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=129e76e0ea923b319555f37ea601dfb974a06bfe", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=129e76e0ea923b319555f37ea601dfb974a06bfe" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=8174eb0235a7e581153ea1d4a401e7ea8354cc08", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=8174eb0235a7e581153ea1d4a401e7ea8354cc08" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=8174eb0235a7e581153ea1d4a401e7ea8354cc08", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=8174eb0235a7e581153ea1d4a401e7ea8354cc08" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=129e76e0ea923b319555f37ea601dfb974a06bfe", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=129e76e0ea923b319555f37ea601dfb974a06bfe" + }, + { + "name": "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-06-01#qualcomm-components" + } + ] + } +} \ No newline at end of file