From 6f013e9c474661dff9a23f347f2229ed36709608 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:38:22 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0278.json | 130 +++++----- 2001/0xxx/CVE-2001-0379.json | 150 ++++++------ 2001/1xxx/CVE-2001-1014.json | 140 +++++------ 2001/1xxx/CVE-2001-1329.json | 120 +++++----- 2006/2xxx/CVE-2006-2272.json | 370 ++++++++++++++--------------- 2006/2xxx/CVE-2006-2953.json | 170 ++++++------- 2006/6xxx/CVE-2006-6071.json | 160 ++++++------- 2006/6xxx/CVE-2006-6416.json | 140 +++++------ 2008/5xxx/CVE-2008-5365.json | 170 ++++++------- 2011/2xxx/CVE-2011-2225.json | 160 ++++++------- 2011/2xxx/CVE-2011-2410.json | 130 +++++----- 2011/2xxx/CVE-2011-2757.json | 120 +++++----- 2011/2xxx/CVE-2011-2974.json | 34 +-- 2011/3xxx/CVE-2011-3060.json | 260 ++++++++++---------- 2011/3xxx/CVE-2011-3444.json | 130 +++++----- 2011/3xxx/CVE-2011-3503.json | 140 +++++------ 2011/3xxx/CVE-2011-3640.json | 180 +++++++------- 2011/3xxx/CVE-2011-3818.json | 140 +++++------ 2011/4xxx/CVE-2011-4408.json | 160 ++++++------- 2011/4xxx/CVE-2011-4904.json | 34 +-- 2013/0xxx/CVE-2013-0288.json | 290 +++++++++++----------- 2013/0xxx/CVE-2013-0609.json | 190 +++++++-------- 2013/0xxx/CVE-2013-0956.json | 140 +++++------ 2013/1xxx/CVE-2013-1390.json | 34 +-- 2013/1xxx/CVE-2013-1462.json | 140 +++++------ 2013/1xxx/CVE-2013-1877.json | 34 +-- 2013/5xxx/CVE-2013-5093.json | 180 +++++++------- 2013/5xxx/CVE-2013-5670.json | 160 ++++++------- 2013/5xxx/CVE-2013-5761.json | 120 +++++----- 2014/2xxx/CVE-2014-2595.json | 34 +-- 2014/2xxx/CVE-2014-2721.json | 34 +-- 2017/0xxx/CVE-2017-0056.json | 140 +++++------ 2017/0xxx/CVE-2017-0377.json | 160 ++++++------- 2017/0xxx/CVE-2017-0424.json | 158 ++++++------ 2017/1000xxx/CVE-2017-1000499.json | 154 ++++++------ 2017/16xxx/CVE-2017-16300.json | 34 +-- 2017/16xxx/CVE-2017-16370.json | 140 +++++------ 2017/16xxx/CVE-2017-16629.json | 34 +-- 2017/16xxx/CVE-2017-16831.json | 140 +++++------ 2017/4xxx/CVE-2017-4407.json | 34 +-- 2017/4xxx/CVE-2017-4460.json | 34 +-- 2017/4xxx/CVE-2017-4643.json | 34 +-- 2017/4xxx/CVE-2017-4999.json | 140 +++++------ 2018/5xxx/CVE-2018-5140.json | 162 ++++++------- 2018/5xxx/CVE-2018-5158.json | 244 +++++++++---------- 2018/5xxx/CVE-2018-5170.json | 224 ++++++++--------- 2018/5xxx/CVE-2018-5474.json | 148 ++++++------ 2018/5xxx/CVE-2018-5919.json | 130 +++++----- 48 files changed, 3252 insertions(+), 3252 deletions(-) diff --git a/2001/0xxx/CVE-2001-0278.json b/2001/0xxx/CVE-2001-0278.json index dd0bb38d30b..0ab7af43906 100644 --- a/2001/0xxx/CVE-2001-0278.json +++ b/2001/0xxx/CVE-2001-0278.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMP0102-009", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q1/0050.html" - }, - { - "name" : "hp-linkeditor-gain-privileges(6223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMP0102-009", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q1/0050.html" + }, + { + "name": "hp-linkeditor-gain-privileges(6223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6223" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0379.json b/2001/0xxx/CVE-2001-0379.json index b697044bb2a..9b17cacf0d1 100644 --- a/2001/0xxx/CVE-2001-0379.json +++ b/2001/0xxx/CVE-2001-0379.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0103-147", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q1/0101.html" - }, - { - "name" : "VU#249224", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/249224" - }, - { - "name" : "hp-newgrp-additional-privileges(6282)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6282" - }, - { - "name" : "5681", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5681", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5681" + }, + { + "name": "hp-newgrp-additional-privileges(6282)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6282" + }, + { + "name": "HPSBUX0103-147", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q1/0101.html" + }, + { + "name": "VU#249224", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/249224" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1014.json b/2001/1xxx/CVE-2001-1014.json index 331ebc8f72b..96076e1bd92 100644 --- a/2001/1xxx/CVE-2001-1014.json +++ b/2001/1xxx/CVE-2001-1014.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010915 advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/214456" - }, - { - "name" : "3340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3340" - }, - { - "name" : "eshop-script-execute-commands(7128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010915 advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/214456" + }, + { + "name": "eshop-script-execute-commands(7128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7128" + }, + { + "name": "3340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3340" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1329.json b/2001/1xxx/CVE-2001-1329.json index 315f5ee30e8..0d53227f9e3 100644 --- a/2001/1xxx/CVE-2001-1329.json +++ b/2001/1xxx/CVE-2001-1329.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010611 rsh bufferoverflow on AIX 4.2", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0133.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010611 rsh bufferoverflow on AIX 4.2", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0133.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2272.json b/2006/2xxx/CVE-2006-2272.json index f3e75643ab3..e3642151a1c 100644 --- a/2006/2xxx/CVE-2006-2272.json +++ b/2006/2xxx/CVE-2006-2272.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html" - }, - { - "name" : "http://labs.musecurity.com/advisories/MU-200605-01.txt", - "refsource" : "MISC", - "url" : "http://labs.musecurity.com/advisories/MU-200605-01.txt" - }, - { - "name" : "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" - }, - { - "name" : "DSA-1097", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1097" - }, - { - "name" : "DSA-1103", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1103" - }, - { - "name" : "MDKSA-2006:086", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086" - }, - { - "name" : "RHSA-2006:0493", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0493.html" - }, - { - "name" : "SUSE-SA:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" - }, - { - "name" : "2006-0026", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0026" - }, - { - "name" : "USN-302-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-302-1" - }, - { - "name" : "17910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17910" - }, - { - "name" : "oval:org.mitre.oval:def:11243", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11243" - }, - { - "name" : "ADV-2006-1734", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1734" - }, - { - "name" : "ADV-2006-2554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2554" - }, - { - "name" : "25633", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25633" - }, - { - "name" : "19990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19990" - }, - { - "name" : "20157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20157" - }, - { - "name" : "20237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20237" - }, - { - "name" : "20671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20671" - }, - { - "name" : "20716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20716" - }, - { - "name" : "20914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20914" - }, - { - "name" : "21745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21745" - }, - { - "name" : "20398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20398" - }, - { - "name" : "21476", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21476" - }, - { - "name" : "linux-sctp-control-chunk-dos(26431)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm" + }, + { + "name": "RHSA-2006:0493", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html" + }, + { + "name": "http://labs.musecurity.com/advisories/MU-200605-01.txt", + "refsource": "MISC", + "url": "http://labs.musecurity.com/advisories/MU-200605-01.txt" + }, + { + "name": "19990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19990" + }, + { + "name": "ADV-2006-2554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2554" + }, + { + "name": "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813" + }, + { + "name": "20716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20716" + }, + { + "name": "21476", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21476" + }, + { + "name": "21745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21745" + }, + { + "name": "USN-302-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-302-1" + }, + { + "name": "17910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17910" + }, + { + "name": "DSA-1097", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1097" + }, + { + "name": "SUSE-SA:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html" + }, + { + "name": "25633", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25633" + }, + { + "name": "20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html" + }, + { + "name": "2006-0026", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0026" + }, + { + "name": "DSA-1103", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1103" + }, + { + "name": "ADV-2006-1734", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1734" + }, + { + "name": "20237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20237" + }, + { + "name": "20398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20398" + }, + { + "name": "MDKSA-2006:086", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086" + }, + { + "name": "20671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20671" + }, + { + "name": "linux-sctp-control-chunk-dos(26431)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26431" + }, + { + "name": "20157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20157" + }, + { + "name": "20914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20914" + }, + { + "name": "oval:org.mitre.oval:def:11243", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11243" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2953.json b/2006/2xxx/CVE-2006-2953.json index e26f78e2313..896ea7922d2 100644 --- a/2006/2xxx/CVE-2006-2953.json +++ b/2006/2xxx/CVE-2006-2953.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/officeflow-26-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/officeflow-26-vuln.html" - }, - { - "name" : "18367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18367" - }, - { - "name" : "ADV-2006-2246", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2246" - }, - { - "name" : "1016255", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016255" - }, - { - "name" : "20545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20545" - }, - { - "name" : "officeflow-default-xss(27022)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/06/officeflow-26-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/officeflow-26-vuln.html" + }, + { + "name": "20545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20545" + }, + { + "name": "18367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18367" + }, + { + "name": "1016255", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016255" + }, + { + "name": "ADV-2006-2246", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2246" + }, + { + "name": "officeflow-default-xss(27022)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27022" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6071.json b/2006/6xxx/CVE-2006-6071.json index 85f38fffc74..81e49743e17 100644 --- a/2006/6xxx/CVE-2006-6071.json +++ b/2006/6xxx/CVE-2006-6071.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and \"ErrorDocument 401\" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071", - "refsource" : "CONFIRM", - "url" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071" - }, - { - "name" : "21381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21381" - }, - { - "name" : "ADV-2006-4790", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4790" - }, - { - "name" : "23189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23189" - }, - { - "name" : "twiki-401response-authentication-bypass(30667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and \"ErrorDocument 401\" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21381" + }, + { + "name": "twiki-401response-authentication-bypass(30667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30667" + }, + { + "name": "23189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23189" + }, + { + "name": "ADV-2006-4790", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4790" + }, + { + "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071", + "refsource": "CONFIRM", + "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6416.json b/2006/6xxx/CVE-2006-6416.json index 0cfe35c24ca..50746aac290 100644 --- a/2006/6xxx/CVE-2006-6416.json +++ b/2006/6xxx/CVE-2006-6416.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univert PhpLeague 0.81 allow remote attackers to execute arbitrary PHP code via a URL in the cheminmini parameter to (1) consult/miniseul.php or (2) config.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20756" - }, - { - "name" : "23342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23342" - }, - { - "name" : "phpleague-config-file-include(29819)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univert PhpLeague 0.81 allow remote attackers to execute arbitrary PHP code via a URL in the cheminmini parameter to (1) consult/miniseul.php or (2) config.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpleague-config-file-include(29819)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29819" + }, + { + "name": "23342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23342" + }, + { + "name": "20756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20756" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5365.json b/2008/5xxx/CVE-2008-5365.json index 7972cbf0bca..86fc290454c 100644 --- a/2008/5xxx/CVE-2008-5365.json +++ b/2008/5xxx/CVE-2008-5365.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7287", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7287" - }, - { - "name" : "32541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32541" - }, - { - "name" : "ADV-2008-3304", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3304" - }, - { - "name" : "50391", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50391" - }, - { - "name" : "32922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32922" - }, - { - "name" : "activevotes-votehistory-sql-injection(46924)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "activevotes-votehistory-sql-injection(46924)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46924" + }, + { + "name": "ADV-2008-3304", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3304" + }, + { + "name": "32922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32922" + }, + { + "name": "7287", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7287" + }, + { + "name": "50391", + "refsource": "OSVDB", + "url": "http://osvdb.org/50391" + }, + { + "name": "32541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32541" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2225.json b/2011/2xxx/CVE-2011-2225.json index e8b86d7dd81..c591c752ca3 100644 --- a/2011/2xxx/CVE-2011-2225.json +++ b/2011/2xxx/CVE-2011-2225.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to have an unknown impact via a crafted directory pathname that is inserted into config.sh." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/security/cve/CVE-2011-2225.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2011-2225.html" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=709572", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=709572" - }, - { - "name" : "SUSE-SU-2011:0917", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html" - }, - { - "name" : "49236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49236" - }, - { - "name" : "kiwi-config-file-include(69277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to have an unknown impact via a crafted directory pathname that is inserted into config.sh." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/security/cve/CVE-2011-2225.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2011-2225.html" + }, + { + "name": "49236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49236" + }, + { + "name": "kiwi-config-file-include(69277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69277" + }, + { + "name": "SUSE-SU-2011:0917", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=709572", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=709572" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2410.json b/2011/2xxx/CVE-2011-2410.json index e57f368b00e..6af035b52c3 100644 --- a/2011/2xxx/CVE-2011-2410.json +++ b/2011/2xxx/CVE-2011-2410.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-2410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02695", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02942411" - }, - { - "name" : "SSRT100480", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02942411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02695", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02942411" + }, + { + "name": "SSRT100480", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02942411" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2757.json b/2011/2xxx/CVE-2011-2757.json index 69fd3b15db3..2a0efe4dc8e 100644 --- a/2011/2xxx/CVE-2011-2757.json +++ b/2011/2xxx/CVE-2011-2757.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17503", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17503/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17503", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17503/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2974.json b/2011/2xxx/CVE-2011-2974.json index be1dc8fcfcb..d43829c54b4 100644 --- a/2011/2xxx/CVE-2011-2974.json +++ b/2011/2xxx/CVE-2011-2974.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2974", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-2974", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3060.json b/2011/3xxx/CVE-2011-3060.json index ac85fa5589f..8fb3fec22bb 100644 --- a/2011/3xxx/CVE-2011-3060.json +++ b/2011/3xxx/CVE-2011-3060.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=114056", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=114056" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "52762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52762" - }, - { - "name" : "oval:org.mitre.oval:def:15364", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15364" - }, - { - "name" : "1026877", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026877" - }, - { - "name" : "48618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48618" - }, - { - "name" : "48691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48691" - }, - { - "name" : "48763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48763" - }, - { - "name" : "chrome-text-fragment-code-exec(74410)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chrome-text-fragment-code-exec(74410)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74410" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "1026877", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026877" + }, + { + "name": "48618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48618" + }, + { + "name": "48691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48691" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=114056", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=114056" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html" + }, + { + "name": "oval:org.mitre.oval:def:15364", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15364" + }, + { + "name": "52762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52762" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "48763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48763" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3444.json b/2011/3xxx/CVE-2011-3444.json index 8b41b36e945..95f81984659 100644 --- a/2011/3xxx/CVE-2011-3444.json +++ b/2011/3xxx/CVE-2011-3444.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3503.json b/2011/3xxx/CVE-2011-3503.json index d00c08c806e..e1f7f44ec82 100644 --- a/2011/3xxx/CVE-2011-3503.json +++ b/2011/3xxx/CVE-2011-3503.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in eSignal 10.6.2425.1208, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse JRS_UT.dll that is located in the same folder as a .quo (QUOTE) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "75458", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75458" - }, - { - "name" : "45966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45966" - }, - { - "name" : "esignal-dll-code-execution(69786)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in eSignal 10.6.2425.1208, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse JRS_UT.dll that is located in the same folder as a .quo (QUOTE) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45966" + }, + { + "name": "75458", + "refsource": "OSVDB", + "url": "http://osvdb.org/75458" + }, + { + "name": "esignal-dll-code-execution(69786)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69786" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3640.json b/2011/3xxx/CVE-2011-3640.json index 2ce4df8729b..a5478c33910 100644 --- a/2011/3xxx/CVE-2011-3640.json +++ b/2011/3xxx/CVE-2011-3640.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html", - "refsource" : "MISC", - "url" : "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=97426", - "refsource" : "MISC", - "url" : "http://code.google.com/p/chromium/issues/detail?id=97426" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=641052", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=641052" - }, - { - "name" : "openSUSE-SU-2012:0030", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/13154861" - }, - { - "name" : "openSUSE-SU-2012:0063", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/13155432" - }, - { - "name" : "oval:org.mitre.oval:def:13414", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414" - }, - { - "name" : "8483", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=641052", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=641052" + }, + { + "name": "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html", + "refsource": "MISC", + "url": "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html" + }, + { + "name": "openSUSE-SU-2012:0063", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/13155432" + }, + { + "name": "openSUSE-SU-2012:0030", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/13154861" + }, + { + "name": "8483", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8483" + }, + { + "name": "oval:org.mitre.oval:def:13414", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=97426", + "refsource": "MISC", + "url": "http://code.google.com/p/chromium/issues/detail?id=97426" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3818.json b/2011/3xxx/CVE-2011-3818.json index e1971df1872..9fd9587b464 100644 --- a/2011/3xxx/CVE-2011-3818.json +++ b/2011/3xxx/CVE-2011-3818.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/wordpress_2.9.2", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/wordpress_2.9.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/wordpress_2.9.2", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/wordpress_2.9.2" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4408.json b/2011/4xxx/CVE-2011-4408.json index 5ff3b61bf24..401511d4e8e 100644 --- a/2011/4xxx/CVE-2011-4408.json +++ b/2011/4xxx/CVE-2011-4408.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2011-4408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-1464-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1464-1" - }, - { - "name" : "53829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53829" - }, - { - "name" : "82747", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/82747" - }, - { - "name" : "49448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49448" - }, - { - "name" : "ubuntussoclient-ssl-info-disc(76112)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ubuntussoclient-ssl-info-disc(76112)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76112" + }, + { + "name": "USN-1464-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1464-1" + }, + { + "name": "82747", + "refsource": "OSVDB", + "url": "http://osvdb.org/82747" + }, + { + "name": "53829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53829" + }, + { + "name": "49448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49448" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4904.json b/2011/4xxx/CVE-2011-4904.json index b28007d7670..b924779d831 100644 --- a/2011/4xxx/CVE-2011-4904.json +++ b/2011/4xxx/CVE-2011-4904.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4904", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4904", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0288.json b/2013/0xxx/CVE-2013-0288.json index 1c5fae5d7f3..effeebba1eb 100644 --- a/2013/0xxx/CVE-2013-0288.json +++ b/2013/0xxx/CVE-2013-0288.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nss-pam-ldapd-announce] 20130218 nss-pam-ldapd security advisory (CVE-2013-0288)", - "refsource" : "MLIST", - "url" : "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2013/msg00001.html" - }, - { - "name" : "[oss-security] 20130218 CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/18/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288" - }, - { - "name" : "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81", - "refsource" : "CONFIRM", - "url" : "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81" - }, - { - "name" : "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32", - "refsource" : "CONFIRM", - "url" : "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32" - }, - { - "name" : "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b", - "refsource" : "CONFIRM", - "url" : "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0071", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0071" - }, - { - "name" : "DSA-2628", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2628" - }, - { - "name" : "FEDORA-2013-2754", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html" - }, - { - "name" : "MDVSA-2013:106", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:106" - }, - { - "name" : "RHSA-2013:0590", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0590.html" - }, - { - "name" : "openSUSE-SU-2013:0522", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00087.html" - }, - { - "name" : "openSUSE-SU-2013:0524", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00091.html" - }, - { - "name" : "58007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58007" - }, - { - "name" : "52212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52212" - }, - { - "name" : "52242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52242" - }, - { - "name" : "nsspamldapd-fdsetsize-bo(82175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0288" + }, + { + "name": "RHSA-2013:0590", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0590.html" + }, + { + "name": "58007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58007" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319" + }, + { + "name": "DSA-2628", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2628" + }, + { + "name": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81", + "refsource": "CONFIRM", + "url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=7867b93f9a7c76b96f1571cddc1de0811134bb81" + }, + { + "name": "[oss-security] 20130218 CVE-2013-0288 nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/18/2" + }, + { + "name": "FEDORA-2013-2754", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099438.html" + }, + { + "name": "52212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52212" + }, + { + "name": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b", + "refsource": "CONFIRM", + "url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b" + }, + { + "name": "52242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52242" + }, + { + "name": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32", + "refsource": "CONFIRM", + "url": "http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=abf03bc54032beeff95b1b8634cc005137e11f32" + }, + { + "name": "MDVSA-2013:106", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:106" + }, + { + "name": "[nss-pam-ldapd-announce] 20130218 nss-pam-ldapd security advisory (CVE-2013-0288)", + "refsource": "MLIST", + "url": "http://lists.arthurdejong.org/nss-pam-ldapd-announce/2013/msg00001.html" + }, + { + "name": "nsspamldapd-fdsetsize-bo(82175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82175" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0071", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0071" + }, + { + "name": "openSUSE-SU-2013:0522", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00087.html" + }, + { + "name": "openSUSE-SU-2013:0524", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00091.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0609.json b/2013/0xxx/CVE-2013-0609.json index d271d08e085..aea6a285c1c 100644 --- a/2013/0xxx/CVE-2013-0609.json +++ b/2013/0xxx/CVE-2013-0609.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0613." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-0609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0150", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0150.html" - }, - { - "name" : "SUSE-SU-2013:0044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" - }, - { - "name" : "SUSE-SU-2013:0047", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" - }, - { - "name" : "openSUSE-SU-2013:0193", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" - }, - { - "name" : "oval:org.mitre.oval:def:16120", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0613." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" + }, + { + "name": "SUSE-SU-2013:0047", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" + }, + { + "name": "openSUSE-SU-2013:0193", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" + }, + { + "name": "oval:org.mitre.oval:def:16120", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16120" + }, + { + "name": "openSUSE-SU-2013:0138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-02.html" + }, + { + "name": "RHSA-2013:0150", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0150.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0956.json b/2013/0xxx/CVE-2013-0956.json index bc2e83935ea..90bfe966f3f 100644 --- a/2013/0xxx/CVE-2013-0956.json +++ b/2013/0xxx/CVE-2013-0956.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-0956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5642", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5642" - }, - { - "name" : "APPLE-SA-2013-01-28-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2013-03-14-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5642", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5642" + }, + { + "name": "APPLE-SA-2013-03-14-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html" + }, + { + "name": "APPLE-SA-2013-01-28-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1390.json b/2013/1xxx/CVE-2013-1390.json index 9596123fcee..a09986ef22c 100644 --- a/2013/1xxx/CVE-2013-1390.json +++ b/2013/1xxx/CVE-2013-1390.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1390", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1390", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1462.json b/2013/1xxx/CVE-2013-1462.json index 8666fd34816..08029828cdb 100644 --- a/2013/1xxx/CVE-2013-1462.json +++ b/2013/1xxx/CVE-2013-1462.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a \" (double quote) character, a different vulnerability than CVE-2013-0230." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play" - }, - { - "name" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf" - }, - { - "name" : "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a \" (double quote) character, a different vulnerability than CVE-2013-0230." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf", + "refsource": "MISC", + "url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf" + }, + { + "name": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb", + "refsource": "MISC", + "url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb" + }, + { + "name": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1877.json b/2013/1xxx/CVE-2013-1877.json index 144ebea3419..a05511fd3c0 100644 --- a/2013/1xxx/CVE-2013-1877.json +++ b/2013/1xxx/CVE-2013-1877.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1877", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2616. Reason: This candidate is a duplicate of CVE-2013-2616. Notes: All CVE users should reference CVE-2013-2616 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-1877", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2616. Reason: This candidate is a duplicate of CVE-2013-2616. Notes: All CVE users should reference CVE-2013-2616 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5093.json b/2013/5xxx/CVE-2013-5093.json index d2b64228843..9f15e85df4e 100644 --- a/2013/5xxx/CVE-2013-5093.json +++ b/2013/5xxx/CVE-2013-5093.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27752", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/27752" - }, - { - "name" : "http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/", - "refsource" : "MISC", - "url" : "http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/" - }, - { - "name" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb", - "refsource" : "MISC", - "url" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb" - }, - { - "name" : "https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst", - "refsource" : "CONFIRM", - "url" : "https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst" - }, - { - "name" : "61894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61894" - }, - { - "name" : "96436", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/96436" - }, - { - "name" : "54556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/", + "refsource": "MISC", + "url": "http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/" + }, + { + "name": "27752", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/27752" + }, + { + "name": "https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst", + "refsource": "CONFIRM", + "url": "https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst" + }, + { + "name": "96436", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/96436" + }, + { + "name": "61894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61894" + }, + { + "name": "54556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54556" + }, + { + "name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5670.json b/2013/5xxx/CVE-2013-5670.json index ed3c88746e2..524a911af0d 100644 --- a/2013/5xxx/CVE-2013-5670.json +++ b/2013/5xxx/CVE-2013-5670.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130901 CVE request: serendipity before 1.7.3 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/01/1" - }, - { - "name" : "[oss-security] 20130901 Re: CVE request: serendipity before 1.7.3 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/01/3" - }, - { - "name" : "http://www.opensyscom.fr/Actualites/serendipity-xss-vulnerability.html", - "refsource" : "MISC", - "url" : "http://www.opensyscom.fr/Actualites/serendipity-xss-vulnerability.html" - }, - { - "name" : "http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html", - "refsource" : "CONFIRM", - "url" : "http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html" - }, - { - "name" : "87395", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/87395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html", + "refsource": "CONFIRM", + "url": "http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html" + }, + { + "name": "http://www.opensyscom.fr/Actualites/serendipity-xss-vulnerability.html", + "refsource": "MISC", + "url": "http://www.opensyscom.fr/Actualites/serendipity-xss-vulnerability.html" + }, + { + "name": "[oss-security] 20130901 Re: CVE request: serendipity before 1.7.3 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/01/3" + }, + { + "name": "87395", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/87395" + }, + { + "name": "[oss-security] 20130901 CVE request: serendipity before 1.7.3 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/01/1" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5761.json b/2013/5xxx/CVE-2013-5761.json index cacf7cf87e0..96f9476ff79 100644 --- a/2013/5xxx/CVE-2013-5761.json +++ b/2013/5xxx/CVE-2013-5761.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Integration - Scripting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Integration - Scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2595.json b/2014/2xxx/CVE-2014-2595.json index a7d9162e861..9ed3f95b255 100644 --- a/2014/2xxx/CVE-2014-2595.json +++ b/2014/2xxx/CVE-2014-2595.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2595", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2595", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2721.json b/2014/2xxx/CVE-2014-2721.json index 156bc9faf7a..8be48ca99f6 100644 --- a/2014/2xxx/CVE-2014-2721.json +++ b/2014/2xxx/CVE-2014-2721.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2721", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2721", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0056.json b/2017/0xxx/CVE-2017-0056.json index 917b6930d41..90328b30824 100644 --- a/2017/0xxx/CVE-2017-0056.json +++ b/2017/0xxx/CVE-2017-0056.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Win32k", - "version" : { - "version_data" : [ - { - "version_value" : "The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Win32k", + "version": { + "version_data": [ + { + "version_value": "The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0056", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0056" - }, - { - "name" : "96630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96630" - }, - { - "name" : "1038017", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0056", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0056" + }, + { + "name": "1038017", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038017" + }, + { + "name": "96630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96630" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0377.json b/2017/0xxx/CVE-2017-0377.json index 4b5c485b7e5..9f3425cd2cb 100644 --- a/2017/0xxx/CVE-2017-0377.json +++ b/2017/0xxx/CVE-2017-0377.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "ID" : "CVE-2017-0377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tor", - "version" : { - "version_data" : [ - { - "version_value" : "Tor" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privacy bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-0377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tor", + "version": { + "version_data": [ + { + "version_value": "Tor" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.torproject.org/blog/tor-0309-released-security-update-clients", - "refsource" : "CONFIRM", - "url" : "https://blog.torproject.org/blog/tor-0309-released-security-update-clients" - }, - { - "name" : "https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients", - "refsource" : "CONFIRM", - "url" : "https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients" - }, - { - "name" : "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350", - "refsource" : "CONFIRM", - "url" : "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350" - }, - { - "name" : "https://security-tracker.debian.org/CVE-2017-0377", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/CVE-2017-0377" - }, - { - "name" : "https://trac.torproject.org/projects/tor/ticket/22753", - "refsource" : "CONFIRM", - "url" : "https://trac.torproject.org/projects/tor/ticket/22753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privacy bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://trac.torproject.org/projects/tor/ticket/22753", + "refsource": "CONFIRM", + "url": "https://trac.torproject.org/projects/tor/ticket/22753" + }, + { + "name": "https://security-tracker.debian.org/CVE-2017-0377", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/CVE-2017-0377" + }, + { + "name": "https://blog.torproject.org/blog/tor-0309-released-security-update-clients", + "refsource": "CONFIRM", + "url": "https://blog.torproject.org/blog/tor-0309-released-security-update-clients" + }, + { + "name": "https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients", + "refsource": "CONFIRM", + "url": "https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients" + }, + { + "name": "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350", + "refsource": "CONFIRM", + "url": "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0424.json b/2017/0xxx/CVE-2017-0424.json index cff77cf6921..7e9150ccef2 100644 --- a/2017/0xxx/CVE-2017-0424.json +++ b/2017/0xxx/CVE-2017-0424.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96104" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "96104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96104" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000499.json b/2017/1000xxx/CVE-2017-1000499.json index fef9587b645..f4e6edf7834 100644 --- a/2017/1000xxx/CVE-2017-1000499.json +++ b/2017/1000xxx/CVE-2017-1000499.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000499", - "REQUESTER" : "security@phpmyadmin.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "phpMyAdmin", - "version" : { - "version_data" : [ - { - "version_value" : "4.7.x (prior to 4.7.6.1 or prior to 4.7.7)" - } - ] - } - } - ] - }, - "vendor_name" : "phpMyAdmin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000499", + "REQUESTER": "security@phpmyadmin.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45284", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45284/" - }, - { - "name" : "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/", - "refsource" : "MISC", - "url" : "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2017-9/", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2017-9/" - }, - { - "name" : "1040163", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040163", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040163" + }, + { + "name": "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/", + "refsource": "MISC", + "url": "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/" + }, + { + "name": "45284", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45284/" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2017-9/", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2017-9/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16300.json b/2017/16xxx/CVE-2017-16300.json index 1b08ea23785..531a7ef222d 100644 --- a/2017/16xxx/CVE-2017-16300.json +++ b/2017/16xxx/CVE-2017-16300.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16300", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16300", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16370.json b/2017/16xxx/CVE-2017-16370.json index cb307470ad6..2cdd2ac1e08 100644 --- a/2017/16xxx/CVE-2017-16370.json +++ b/2017/16xxx/CVE-2017-16370.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "102140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102140" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "102140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102140" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16629.json b/2017/16xxx/CVE-2017-16629.json index ea558e6d312..b7c131601c0 100644 --- a/2017/16xxx/CVE-2017-16629.json +++ b/2017/16xxx/CVE-2017-16629.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16629", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16629", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16831.json b/2017/16xxx/CVE-2017-16831.json index 1fb2a0065bc..1620fa3a494 100644 --- a/2017/16xxx/CVE-2017-16831.json +++ b/2017/16xxx/CVE-2017-16831.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22385" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" - }, - { - "name" : "GLSA-201811-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-17" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" + }, + { + "name": "GLSA-201811-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-17" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22385" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4407.json b/2017/4xxx/CVE-2017-4407.json index d7558e31719..5c116f7a36e 100644 --- a/2017/4xxx/CVE-2017-4407.json +++ b/2017/4xxx/CVE-2017-4407.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4407", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4407", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4460.json b/2017/4xxx/CVE-2017-4460.json index 8c2c141b04f..6cfd30a4475 100644 --- a/2017/4xxx/CVE-2017-4460.json +++ b/2017/4xxx/CVE-2017-4460.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4460", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4460", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4643.json b/2017/4xxx/CVE-2017-4643.json index c358695152d..e59f1085bd6 100644 --- a/2017/4xxx/CVE-2017-4643.json +++ b/2017/4xxx/CVE-2017-4643.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4643", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4643", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4999.json b/2017/4xxx/CVE-2017-4999.json index c372eb83650..c740bbac99f 100644 --- a/2017/4xxx/CVE-2017-4999.json +++ b/2017/4xxx/CVE-2017-4999.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1", - "version" : { - "version_data" : [ - { - "version_value" : "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authorization Bypass Through User-Controlled Key Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1", + "version": { + "version_data": [ + { + "version_value": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jun/49", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Jun/49" - }, - { - "name" : "99354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99354" - }, - { - "name" : "1038815", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authorization Bypass Through User-Controlled Key Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99354" + }, + { + "name": "1038815", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038815" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Jun/49", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Jun/49" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5140.json b/2018/5xxx/CVE-2018-5140.json index c824c2ba376..cdf5ab62818 100644 --- a/2018/5xxx/CVE-2018-5140.json +++ b/2018/5xxx/CVE-2018-5140.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "59" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Image for moz-icons can be accessed through the \"moz-icon:\" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Moz-icon images accessible to web content through moz-icon: protocol" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "59" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1424261", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1424261" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-06/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-06/" - }, - { - "name" : "USN-3596-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3596-1/" - }, - { - "name" : "103386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103386" - }, - { - "name" : "1040514", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Image for moz-icons can be accessed through the \"moz-icon:\" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Moz-icon images accessible to web content through moz-icon: protocol" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1424261", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1424261" + }, + { + "name": "103386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103386" + }, + { + "name": "1040514", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040514" + }, + { + "name": "USN-3596-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3596-1/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-06/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5158.json b/2018/5xxx/CVE-2018-5158.json index 3fe0703aba8..359c9acf55c 100644 --- a/2018/5xxx/CVE-2018-5158.json +++ b/2018/5xxx/CVE-2018-5158.json @@ -1,124 +1,124 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.8" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Malicious PDF can inject JavaScript into PDF Viewer" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.8" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180511 [SECURITY] [DLA 1376-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1452075", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1452075" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-11/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-12/" - }, - { - "name" : "DSA-4199", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4199" - }, - { - "name" : "GLSA-201810-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-01" - }, - { - "name" : "RHSA-2018:1414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1414" - }, - { - "name" : "RHSA-2018:1415", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1415" - }, - { - "name" : "USN-3645-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3645-1/" - }, - { - "name" : "104136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104136" - }, - { - "name" : "1040896", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Malicious PDF can inject JavaScript into PDF Viewer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:1415", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1415" + }, + { + "name": "GLSA-201810-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-01" + }, + { + "name": "RHSA-2018:1414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1414" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-11/" + }, + { + "name": "1040896", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040896" + }, + { + "name": "DSA-4199", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4199" + }, + { + "name": "USN-3645-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3645-1/" + }, + { + "name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1376-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452075", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452075" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-12/" + }, + { + "name": "104136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104136" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5170.json b/2018/5xxx/CVE-2018-5170.json index 6bc2f55b6f5..59c286215b5 100644 --- a/2018/5xxx/CVE-2018-5170.json +++ b/2018/5xxx/CVE-2018-5170.json @@ -1,114 +1,114 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.8" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.8" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Filename spoofing for external attachments" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.8" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.8" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180525 [SECURITY] [DLA 1382-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1411732", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1411732" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-13/" - }, - { - "name" : "DSA-4209", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4209" - }, - { - "name" : "GLSA-201811-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-13" - }, - { - "name" : "RHSA-2018:1725", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1725" - }, - { - "name" : "RHSA-2018:1726", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1726" - }, - { - "name" : "USN-3660-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3660-1/" - }, - { - "name" : "1040946", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Filename spoofing for external attachments" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:1726", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1726" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1411732", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1411732" + }, + { + "name": "GLSA-201811-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-13" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-13/" + }, + { + "name": "USN-3660-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3660-1/" + }, + { + "name": "1040946", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040946" + }, + { + "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1382-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html" + }, + { + "name": "RHSA-2018:1725", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1725" + }, + { + "name": "DSA-4209", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4209" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5474.json b/2018/5xxx/CVE-2018-5474.json index 7e190dbd1b5..b93d10b41ee 100644 --- a/2018/5xxx/CVE-2018-5474.json +++ b/2018/5xxx/CVE-2018-5474.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-02-27T00:00:00", - "ID" : "CVE-2018-5474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Philips IntelliSpace Portal", - "version" : { - "version_data" : [ - { - "version_value" : "8.0.x" - }, - { - "version_value" : "7.0.x" - } - ] - } - } - ] - }, - "vendor_name" : "Philips" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER INPUT VALIDATION CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-02-27T00:00:00", + "ID": "CVE-2018-5474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Philips IntelliSpace Portal", + "version": { + "version_data": [ + { + "version_value": "8.0.x" + }, + { + "version_value": "7.0.x" + } + ] + } + } + ] + }, + "vendor_name": "Philips" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security", - "refsource" : "CONFIRM", - "url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security" - }, - { - "name" : "103182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER INPUT VALIDATION CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", + "refsource": "CONFIRM", + "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security" + }, + { + "name": "103182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103182" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5919.json b/2018/5xxx/CVE-2018-5919.json index ecfea97ee42..b3e2e0f1280 100644 --- a/2018/5xxx/CVE-2018-5919.json +++ b/2018/5xxx/CVE-2018-5919.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-5919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a use after free issue in WLAN host driver can lead to device reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-5919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=81a80c9973833f7cd93dc83ce0f23572dd81befe", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=81a80c9973833f7cd93dc83ce0f23572dd81befe" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a use after free issue in WLAN host driver can lead to device reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=81a80c9973833f7cd93dc83ce0f23572dd81befe", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=81a80c9973833f7cd93dc83ce0f23572dd81befe" + } + ] + } +} \ No newline at end of file