From 7cb4d730d74ccecf485cafec757aca9f8b10c4d3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:39:11 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0219.json | 170 +++++------ 2001/0xxx/CVE-2001-0238.json | 140 ++++----- 2001/0xxx/CVE-2001-0558.json | 150 +++++----- 2001/0xxx/CVE-2001-0585.json | 140 ++++----- 2001/0xxx/CVE-2001-0745.json | 140 ++++----- 2001/0xxx/CVE-2001-0877.json | 200 ++++++------- 2001/0xxx/CVE-2001-0892.json | 130 ++++----- 2006/2xxx/CVE-2006-2295.json | 160 +++++----- 2006/2xxx/CVE-2006-2314.json | 450 ++++++++++++++--------------- 2006/2xxx/CVE-2006-2657.json | 34 +-- 2006/2xxx/CVE-2006-2970.json | 150 +++++----- 2006/6xxx/CVE-2006-6276.json | 190 ++++++------ 2006/6xxx/CVE-2006-6345.json | 190 ++++++------ 2011/2xxx/CVE-2011-2211.json | 150 +++++----- 2011/2xxx/CVE-2011-2478.json | 130 ++++----- 2011/2xxx/CVE-2011-2733.json | 140 ++++----- 2011/2xxx/CVE-2011-2917.json | 160 +++++----- 2011/3xxx/CVE-2011-3439.json | 180 ++++++------ 2011/3xxx/CVE-2011-3774.json | 150 +++++----- 2011/4xxx/CVE-2011-4163.json | 140 ++++----- 2011/4xxx/CVE-2011-4200.json | 34 +-- 2011/4xxx/CVE-2011-4255.json | 120 ++++---- 2011/4xxx/CVE-2011-4283.json | 140 ++++----- 2011/4xxx/CVE-2011-4757.json | 130 ++++----- 2013/1xxx/CVE-2013-1063.json | 160 +++++----- 2013/1xxx/CVE-2013-1499.json | 130 ++++----- 2013/1xxx/CVE-2013-1545.json | 130 ++++----- 2013/1xxx/CVE-2013-1978.json | 170 +++++------ 2013/5xxx/CVE-2013-5097.json | 130 ++++----- 2013/5xxx/CVE-2013-5419.json | 180 ++++++------ 2013/5xxx/CVE-2013-5880.json | 170 +++++------ 2013/5xxx/CVE-2013-5912.json | 120 ++++---- 2013/5xxx/CVE-2013-5923.json | 34 +-- 2013/5xxx/CVE-2013-5995.json | 150 +++++----- 2014/2xxx/CVE-2014-2271.json | 34 +-- 2014/2xxx/CVE-2014-2802.json | 150 +++++----- 2017/0xxx/CVE-2017-0671.json | 122 ++++---- 2017/0xxx/CVE-2017-0767.json | 174 +++++------ 2017/1000xxx/CVE-2017-1000144.json | 124 ++++---- 2017/1000xxx/CVE-2017-1000388.json | 124 ++++---- 2017/12xxx/CVE-2017-12054.json | 34 +-- 2017/16xxx/CVE-2017-16433.json | 34 +-- 2017/16xxx/CVE-2017-16641.json | 120 ++++---- 2017/16xxx/CVE-2017-16676.json | 34 +-- 2017/1xxx/CVE-2017-1174.json | 178 ++++++------ 2017/1xxx/CVE-2017-1702.json | 34 +-- 2017/4xxx/CVE-2017-4138.json | 34 +-- 2017/4xxx/CVE-2017-4415.json | 34 +-- 2017/4xxx/CVE-2017-4424.json | 34 +-- 2017/4xxx/CVE-2017-4919.json | 142 ++++----- 2018/5xxx/CVE-2018-5053.json | 140 ++++----- 2018/5xxx/CVE-2018-5658.json | 130 ++++----- 2018/5xxx/CVE-2018-5849.json | 122 ++++---- 53 files changed, 3445 insertions(+), 3445 deletions(-) diff --git a/2001/0xxx/CVE-2001-0219.json b/2001/0xxx/CVE-2001-0219.json index 6f1956196cf..f6488366980 100644 --- a/2001/0xxx/CVE-2001-0219.json +++ b/2001/0xxx/CVE-2001-0219.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0101-137", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q1/0016.html" - }, - { - "name" : "hp-stm-dos(5957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5957" - }, - { - "name" : "2239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2239" - }, - { - "name" : "6991", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6991" - }, - { - "name" : "7029", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7029" - }, - { - "name" : "7030", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2239" + }, + { + "name": "HPSBUX0101-137", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q1/0016.html" + }, + { + "name": "7030", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7030" + }, + { + "name": "6991", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6991" + }, + { + "name": "7029", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7029" + }, + { + "name": "hp-stm-dos(5957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5957" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0238.json b/2001/0xxx/CVE-2001-0238.json index 01b6e17fe6d..dbb956127f1 100644 --- a/2001/0xxx/CVE-2001-0238.json +++ b/2001/0xxx/CVE-2001-0238.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-022", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-022" - }, - { - "name" : "L-074", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-074.shtml" - }, - { - "name" : "ms-dacipp-webdav-access(6405)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "L-074", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-074.shtml" + }, + { + "name": "MS01-022", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-022" + }, + { + "name": "ms-dacipp-webdav-access(6405)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6405" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0558.json b/2001/0xxx/CVE-2001-0558.json index 9481e765854..a906d8b5186 100644 --- a/2001/0xxx/CVE-2001-0558.json +++ b/2001/0xxx/CVE-2001-0558.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010507 Advisory for Jana server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html" - }, - { - "name" : "jana-server-device-dos(6521)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6521" - }, - { - "name" : "2704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2704" - }, - { - "name" : "1817", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010507 Advisory for Jana server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html" + }, + { + "name": "2704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2704" + }, + { + "name": "jana-server-device-dos(6521)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6521" + }, + { + "name": "1817", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1817" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0585.json b/2001/0xxx/CVE-2001-0585.json index 126c7f0c4f7..5f13c399d80 100644 --- a/2001/0xxx/CVE-2001-0585.json +++ b/2001/0xxx/CVE-2001-0585.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010320 def-2001-13: NTMail Web Services DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html" - }, - { - "name" : "2494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2494" - }, - { - "name" : "ntmail-long-url-dos(6249)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2494" + }, + { + "name": "ntmail-long-url-dos(6249)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6249" + }, + { + "name": "20010320 def-2001-13: NTMail Web Services DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0745.json b/2001/0xxx/CVE-2001-0745.json index 3ca0cdf7b74..740a46bc68f 100644 --- a/2001/0xxx/CVE-2001-0745.json +++ b/2001/0xxx/CVE-2001-0745.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010605 SECURITY.NNOV: Netscape 4.7x Messanger user information retrival", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0014.html" - }, - { - "name" : "netscape-user-info-retrieval(7417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7417" - }, - { - "name" : "5543", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010605 SECURITY.NNOV: Netscape 4.7x Messanger user information retrival", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0014.html" + }, + { + "name": "netscape-user-info-retrieval(7417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7417" + }, + { + "name": "5543", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5543" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0877.json b/2001/0xxx/CVE-2001-0877.json index 21ddc0c5fae..d931db5b29a 100644 --- a/2001/0xxx/CVE-2001-0877.json +++ b/2001/0xxx/CVE-2001-0877.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100887440810532&w=2" - }, - { - "name" : "20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=100887271006313&w=2" - }, - { - "name" : "20020109 UPNP Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/249238" - }, - { - "name" : "MS01-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-059" - }, - { - "name" : "CA-2001-37", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-37.html" - }, - { - "name" : "VU#411059", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/411059" - }, - { - "name" : "M-030", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-030.shtml" - }, - { - "name" : "3724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3724" - }, - { - "name" : "win-upnp-udp-dos(7722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#411059", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/411059" + }, + { + "name": "M-030", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-030.shtml" + }, + { + "name": "20020109 UPNP Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/249238" + }, + { + "name": "20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=100887271006313&w=2" + }, + { + "name": "20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100887440810532&w=2" + }, + { + "name": "CA-2001-37", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-37.html" + }, + { + "name": "win-upnp-udp-dos(7722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7722" + }, + { + "name": "MS01-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-059" + }, + { + "name": "3724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3724" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0892.json b/2001/0xxx/CVE-2001-0892.json index be657769413..66d41981632 100644 --- a/2001/0xxx/CVE-2001-0892.json +++ b/2001/0xxx/CVE-2001-0892.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100568999726036&w=2" - }, - { - "name" : "http://www.acme.com/software/thttpd/", - "refsource" : "CONFIRM", - "url" : "http://www.acme.com/software/thttpd/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100568999726036&w=2" + }, + { + "name": "http://www.acme.com/software/thttpd/", + "refsource": "CONFIRM", + "url": "http://www.acme.com/software/thttpd/" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2295.json b/2006/2xxx/CVE-2006-2295.json index 0dcc1050fc7..98b7f7c9534 100644 --- a/2006/2xxx/CVE-2006-2295.json +++ b/2006/2xxx/CVE-2006-2295.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote attackers to access arbitrary files via an absolute path in the pfad parameter to (1) index.php and (2) galerie.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html", - "refsource" : "MISC", - "url" : "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html" - }, - { - "name" : "17896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17896" - }, - { - "name" : "ADV-2006-1699", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1699" - }, - { - "name" : "19995", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19995" - }, - { - "name" : "dynamicgalerie-multiple-path-disclosure(26322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote attackers to access arbitrary files via an absolute path in the pfad parameter to (1) index.php and (2) galerie.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1699", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1699" + }, + { + "name": "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html", + "refsource": "MISC", + "url": "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html" + }, + { + "name": "17896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17896" + }, + { + "name": "19995", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19995" + }, + { + "name": "dynamicgalerie-multiple-path-disclosure(26322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26322" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2314.json b/2006/2xxx/CVE-2006-2314.json index 6b6c03d85e1..872d4ef68c7 100644 --- a/2006/2xxx/CVE-2006-2314.json +++ b/2006/2xxx/CVE-2006-2314.json @@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the \"\\\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of \"Encoding-Based SQL Injection.\" NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060523 PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435038/100/0/threaded" - }, - { - "name" : "20060524 rPSA-2006-0080-1 postgresql postgresql-server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435161/100/0/threaded" - }, - { - "name" : "[pgsql-announce] 20060523 Security Releases for All Active Versions", - "refsource" : "MLIST", - "url" : "http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php" - }, - { - "name" : "http://www.postgresql.org/docs/techdocs.50", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/techdocs.50" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm" - }, - { - "name" : "DSA-1087", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1087" - }, - { - "name" : "GLSA-200607-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200607-04.xml" - }, - { - "name" : "MDKSA-2006:098", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:098" - }, - { - "name" : "RHSA-2006:0526", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0526.html" - }, - { - "name" : "20060602-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" - }, - { - "name" : "SUSE-SA:2006:030", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html" - }, - { - "name" : "SUSE-SR:2006:021", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_21_sr.html" - }, - { - "name" : "2006-0032", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0032/" - }, - { - "name" : "USN-288-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/288-1/" - }, - { - "name" : "USN-288-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-288-2" - }, - { - "name" : "USN-288-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-288-3" - }, - { - "name" : "18092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18092" - }, - { - "name" : "oval:org.mitre.oval:def:9947", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9947" - }, - { - "name" : "ADV-2006-1941", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1941" - }, - { - "name" : "25731", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25731" - }, - { - "name" : "1016142", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016142" - }, - { - "name" : "20231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20231" - }, - { - "name" : "20232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20232" - }, - { - "name" : "20314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20314" - }, - { - "name" : "20435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20435" - }, - { - "name" : "20451", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20451" - }, - { - "name" : "20503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20503" - }, - { - "name" : "20555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20555" - }, - { - "name" : "20782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20782" - }, - { - "name" : "21001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21001" - }, - { - "name" : "21749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21749" - }, - { - "name" : "20653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20653" - }, - { - "name" : "postgresql-ascii-sql-injection(26628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26628" - }, - { - "name" : "postgresql-multibyte-sql-injection(26627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the \"\\\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of \"Encoding-Based SQL Injection.\" NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "postgresql-ascii-sql-injection(26628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26628" + }, + { + "name": "GLSA-200607-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200607-04.xml" + }, + { + "name": "20435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20435" + }, + { + "name": "18092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18092" + }, + { + "name": "20503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20503" + }, + { + "name": "20451", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20451" + }, + { + "name": "21001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21001" + }, + { + "name": "http://www.postgresql.org/docs/techdocs.50", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/techdocs.50" + }, + { + "name": "20231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20231" + }, + { + "name": "20653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20653" + }, + { + "name": "SUSE-SA:2006:030", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html" + }, + { + "name": "21749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21749" + }, + { + "name": "25731", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25731" + }, + { + "name": "20782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20782" + }, + { + "name": "RHSA-2006:0526", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0526.html" + }, + { + "name": "2006-0032", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0032/" + }, + { + "name": "20060602-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" + }, + { + "name": "ADV-2006-1941", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1941" + }, + { + "name": "20060524 rPSA-2006-0080-1 postgresql postgresql-server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435161/100/0/threaded" + }, + { + "name": "20232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20232" + }, + { + "name": "20060523 PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435038/100/0/threaded" + }, + { + "name": "USN-288-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/288-1/" + }, + { + "name": "MDKSA-2006:098", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:098" + }, + { + "name": "SUSE-SR:2006:021", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm" + }, + { + "name": "postgresql-multibyte-sql-injection(26627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26627" + }, + { + "name": "oval:org.mitre.oval:def:9947", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9947" + }, + { + "name": "20555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20555" + }, + { + "name": "[pgsql-announce] 20060523 Security Releases for All Active Versions", + "refsource": "MLIST", + "url": "http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php" + }, + { + "name": "1016142", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016142" + }, + { + "name": "USN-288-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-288-3" + }, + { + "name": "USN-288-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-288-2" + }, + { + "name": "20314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20314" + }, + { + "name": "DSA-1087", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1087" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2657.json b/2006/2xxx/CVE-2006-2657.json index 92e47a7fa96..56aea305582 100644 --- a/2006/2xxx/CVE-2006-2657.json +++ b/2006/2xxx/CVE-2006-2657.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2657", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-3017. Reason: This candidate is a reservation duplicate of CVE-2006-3017. Notes: All CVE users should reference CVE-2006-3017 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-2657", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-3017. Reason: This candidate is a reservation duplicate of CVE-2006-3017. Notes: All CVE users should reference CVE-2006-3017 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2970.json b/2006/2xxx/CVE-2006-2970.json index 5e0985c77a4..cd95683c9ad 100644 --- a/2006/2xxx/CVE-2006-2970.json +++ b/2006/2xxx/CVE-2006-2970.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060609 TinyMuw v1.0 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436640/100/0/threaded" - }, - { - "name" : "ADV-2006-2310", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2310" - }, - { - "name" : "1091", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1091" - }, - { - "name" : "tinymuw-videopage-path-disclosure(27155)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060609 TinyMuw v1.0 - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436640/100/0/threaded" + }, + { + "name": "tinymuw-videopage-path-disclosure(27155)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27155" + }, + { + "name": "ADV-2006-2310", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2310" + }, + { + "name": "1091", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1091" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6276.json b/2006/6xxx/CVE-2006-6276.json index 601706e4533..e4882208506 100644 --- a/2006/6xxx/CVE-2006-6276.json +++ b/2006/6xxx/CVE-2006-6276.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102733", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1" - }, - { - "name" : "21371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21371" - }, - { - "name" : "ADV-2006-4793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4793" - }, - { - "name" : "1017322", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017322" - }, - { - "name" : "1017323", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017323" - }, - { - "name" : "1017324", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017324" - }, - { - "name" : "23186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23186" - }, - { - "name" : "sunserver-proxy-csrf(30662)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102733", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1" + }, + { + "name": "23186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23186" + }, + { + "name": "1017324", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017324" + }, + { + "name": "sunserver-proxy-csrf(30662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662" + }, + { + "name": "ADV-2006-4793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4793" + }, + { + "name": "21371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21371" + }, + { + "name": "1017323", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017323" + }, + { + "name": "1017322", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017322" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6345.json b/2006/6xxx/CVE-2006-6345.json index 7d71666f99d..569cd12e889 100644 --- a/2006/6xxx/CVE-2006-6345.json +++ b/2006/6xxx/CVE-2006-6345.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061205 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453561/100/0/threaded" - }, - { - "name" : "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Arbitrary_File_Removal.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Arbitrary_File_Removal.pdf" - }, - { - "name" : "21449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21449" - }, - { - "name" : "ADV-2006-4863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4863" - }, - { - "name" : "1017342", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017342" - }, - { - "name" : "23262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23262" - }, - { - "name" : "1986", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1986" - }, - { - "name" : "sap-http-file-deletion(30765)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21449" + }, + { + "name": "sap-http-file-deletion(30765)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30765" + }, + { + "name": "ADV-2006-4863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4863" + }, + { + "name": "23262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23262" + }, + { + "name": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Arbitrary_File_Removal.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Arbitrary_File_Removal.pdf" + }, + { + "name": "1986", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1986" + }, + { + "name": "1017342", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017342" + }, + { + "name": "20061205 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453561/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2211.json b/2011/2xxx/CVE-2011-2211.json index b65af0582fe..a0a4e96a592 100644 --- a/2011/2xxx/CVE-2011-2211.json +++ b/2011/2xxx/CVE-2011-2211.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform uses an incorrect pointer, which allows local users to gain privileges by writing a certain integer value to kernel memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110615 Re: CVE request: kernel: alpha: fix several security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/15/7" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21c5977a836e399fc710ff2c5367845ed5c2527f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21c5977a836e399fc710ff2c5367845ed5c2527f" - }, - { - "name" : "https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform uses an incorrect pointer, which allows local users to gain privileges by writing a certain integer value to kernel memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4" + }, + { + "name": "[oss-security] 20110615 Re: CVE request: kernel: alpha: fix several security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/15/7" + }, + { + "name": "https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/21c5977a836e399fc710ff2c5367845ed5c2527f" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21c5977a836e399fc710ff2c5367845ed5c2527f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21c5977a836e399fc710ff2c5367845ed5c2527f" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2478.json b/2011/2xxx/CVE-2011-2478.json index a47d5e2f29b..d42c436d719 100644 --- a/2011/2xxx/CVE-2011-2478.json +++ b/2011/2xxx/CVE-2011-2478.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://technet.microsoft.com/en-us/security/msvr/msvr11-006", - "refsource" : "MISC", - "url" : "http://technet.microsoft.com/en-us/security/msvr/msvr11-006" - }, - { - "name" : "http://support.google.com/sketchup/bin/static.py?hl=en&page=release_notes.cs&rd=1", - "refsource" : "CONFIRM", - "url" : "http://support.google.com/sketchup/bin/static.py?hl=en&page=release_notes.cs&rd=1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006", + "refsource": "MISC", + "url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006" + }, + { + "name": "http://support.google.com/sketchup/bin/static.py?hl=en&page=release_notes.cs&rd=1", + "refsource": "CONFIRM", + "url": "http://support.google.com/sketchup/bin/static.py?hl=en&page=release_notes.cs&rd=1" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2733.json b/2011/2xxx/CVE-2011-2733.json index f72f24e4336..f94bba9542b 100644 --- a/2011/2xxx/CVE-2011-2733.json +++ b/2011/2xxx/CVE-2011-2733.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2011-2733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110816 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519346/100/0/threaded" - }, - { - "name" : "49574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49574" - }, - { - "name" : "8344", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49574" + }, + { + "name": "20110816 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519346/100/0/threaded" + }, + { + "name": "8344", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8344" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2917.json b/2011/2xxx/CVE-2011-2917.json index 27956fde884..a6b5b8281c0 100644 --- a/2011/2xxx/CVE-2011-2917.json +++ b/2011/2xxx/CVE-2011-2917.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18110", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18110" - }, - { - "name" : "[oss-security] 20110812 Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/12/6" - }, - { - "name" : "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection", - "refsource" : "MISC", - "url" : "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection" - }, - { - "name" : "49130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49130" - }, - { - "name" : "74502", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/74502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49130" + }, + { + "name": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection", + "refsource": "MISC", + "url": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection" + }, + { + "name": "[oss-security] 20110812 Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/12/6" + }, + { + "name": "18110", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18110" + }, + { + "name": "74502", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/74502" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3439.json b/2011/3xxx/CVE-2011-3439.json index 828d26f70e1..76ff229ece1 100644 --- a/2011/3xxx/CVE-2011-3439.json +++ b/2011/3xxx/CVE-2011-3439.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5052", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5052" - }, - { - "name" : "APPLE-SA-2011-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html" - }, - { - "name" : "SUSE-SU-2011:1307", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html" - }, - { - "name" : "openSUSE-SU-2012:0015", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html" - }, - { - "name" : "openSUSE-SU-2012:0047", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html" - }, - { - "name" : "46921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46921" - }, - { - "name" : "48951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:0015", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html" + }, + { + "name": "SUSE-SU-2011:1307", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html" + }, + { + "name": "openSUSE-SU-2012:0047", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html" + }, + { + "name": "APPLE-SA-2011-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT5052", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5052" + }, + { + "name": "46921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46921" + }, + { + "name": "48951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48951" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3774.json b/2011/3xxx/CVE-2011-3774.json index cc741338cb4..e7e870e51ba 100644 --- a/2011/3xxx/CVE-2011-3774.json +++ b/2011/3xxx/CVE-2011-3774.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Easy-Survey-Package-2.1.1", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Easy-Survey-Package-2.1.1" - }, - { - "name" : "phpesp-landing-path-disclosure(70546)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpesp-landing-path-disclosure(70546)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70546" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Easy-Survey-Package-2.1.1", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Easy-Survey-Package-2.1.1" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4163.json b/2011/4xxx/CVE-2011-4163.json index 1da4fc5becb..3c93ccbec1b 100644 --- a/2011/4xxx/CVE-2011-4163.json +++ b/2011/4xxx/CVE-2011-4163.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-4163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02731", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132517846332173&w=2" - }, - { - "name" : "SSRT100518", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132517846332173&w=2" - }, - { - "name" : "51205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100518", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132517846332173&w=2" + }, + { + "name": "HPSBMU02731", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132517846332173&w=2" + }, + { + "name": "51205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51205" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4200.json b/2011/4xxx/CVE-2011-4200.json index 42ee05f8524..ae6a89027a4 100644 --- a/2011/4xxx/CVE-2011-4200.json +++ b/2011/4xxx/CVE-2011-4200.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4200", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4200", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4255.json b/2011/4xxx/CVE-2011-4255.json index a3edd3af12f..b93764dedea 100644 --- a/2011/4xxx/CVE-2011-4255.json +++ b/2011/4xxx/CVE-2011-4255.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/11182011_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/11182011_player/en/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.real.com/realplayer/security/11182011_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/11182011_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4283.json b/2011/4xxx/CVE-2011-4283.json index 3002793eedf..3df2b185188 100644 --- a/2011/4xxx/CVE-2011-4283.json +++ b/2011/4xxx/CVE-2011-4283.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/11/14/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=6fde0dac702b3d0954bd1c34d427944e9cd89ae6", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=6fde0dac702b3d0954bd1c34d427944e9cd89ae6" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=170009", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=170009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/11/14/1" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=170009", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=170009" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=6fde0dac702b3d0954bd1c34d427944e9cd89ae6", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=6fde0dac702b3d0954bd1c34d427944e9cd89ae6" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4757.json b/2011/4xxx/CVE-2011-4757.json index dd793a32241..be522dfccc5 100644 --- a/2011/4xxx/CVE-2011-4757.json +++ b/2011/4xxx/CVE-2011-4757.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html" - }, - { - "name" : "ppsbp-autocomplete-security-bypass(72209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ppsbp-autocomplete-security-bypass(72209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72209" + }, + { + "name": "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/plesk-10.2.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1063.json b/2013/1xxx/CVE-2013-1063.json index a3825954aa8..bb4981c555f 100644 --- a/2013/1xxx/CVE-2013-1063.json +++ b/2013/1xxx/CVE-2013-1063.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2013-1063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2" - }, - { - "name" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2" - }, - { - "name" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1" - }, - { - "name" : "USN-1963-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1963-1" - }, - { - "name" : "54901", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1963-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1963-1" + }, + { + "name": "54901", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54901" + }, + { + "name": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2", + "refsource": "CONFIRM", + "url": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2" + }, + { + "name": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1", + "refsource": "CONFIRM", + "url": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1" + }, + { + "name": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2", + "refsource": "CONFIRM", + "url": "https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1499.json b/2013/1xxx/CVE-2013-1499.json index 4f82d4478de..bbc3d78fea2 100644 --- a/2013/1xxx/CVE-2013-1499.json +++ b/2013/1xxx/CVE-2013-1499.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1545.json b/2013/1xxx/CVE-2013-1545.json index 9aaf8ab5b26..27f5560601f 100644 --- a/2013/1xxx/CVE-2013-1545.json +++ b/2013/1xxx/CVE-2013-1545.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors related to Web Listener." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors related to Web Listener." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1978.json b/2013/1xxx/CVE-2013-1978.json index 6c825e04b78..68876703352 100644 --- a/2013/1xxx/CVE-2013-1978.json +++ b/2013/1xxx/CVE-2013-1978.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=953902", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=953902" - }, - { - "name" : "DSA-2813", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2813" - }, - { - "name" : "GLSA-201603-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-01" - }, - { - "name" : "RHSA-2013:1778", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1778.html" - }, - { - "name" : "USN-2051-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2051-1" - }, - { - "name" : "64098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64098" + }, + { + "name": "RHSA-2013:1778", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html" + }, + { + "name": "GLSA-201603-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-01" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=953902", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953902" + }, + { + "name": "DSA-2813", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2813" + }, + { + "name": "USN-2051-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2051-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5097.json b/2013/5xxx/CVE-2013-5097.json index bfa1679756d..433534316da 100644 --- a/2013/5xxx/CVE-2013-5097.json +++ b/2013/5xxx/CVE-2013-5097.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/JSA10585", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/JSA10585" - }, - { - "name" : "1028923", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.juniper.net/JSA10585", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/JSA10585" + }, + { + "name": "1028923", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028923" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5419.json b/2013/5xxx/CVE-2013-5419.json index b6532a7f0b5..b13735c17d8 100644 --- a/2013/5xxx/CVE-2013-5419.json +++ b/2013/5xxx/CVE-2013-5419.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc" - }, - { - "name" : "IV47427", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV47427" - }, - { - "name" : "IV47428", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV47428" - }, - { - "name" : "IV47429", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV47429" - }, - { - "name" : "IV47430", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV47430" - }, - { - "name" : "oval:org.mitre.oval:def:18775", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18775" - }, - { - "name" : "aix-printer-cve20135419-bo(87481)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV47429", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV47429" + }, + { + "name": "IV47427", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV47427" + }, + { + "name": "oval:org.mitre.oval:def:18775", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18775" + }, + { + "name": "aix-printer-cve20135419-bo(87481)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87481" + }, + { + "name": "IV47428", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV47428" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc" + }, + { + "name": "IV47430", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV47430" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5880.json b/2013/5xxx/CVE-2013-5880.json index a08cd1fec6f..8cffe232813 100644 --- a/2013/5xxx/CVE-2013-5880.json +++ b/2013/5xxx/CVE-2013-5880.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64836" - }, - { - "name" : "102095", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102095" - }, - { - "name" : "1029620", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029620" - }, - { - "name" : "56474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102095", + "refsource": "OSVDB", + "url": "http://osvdb.org/102095" + }, + { + "name": "1029620", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029620" + }, + { + "name": "56474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56474" + }, + { + "name": "64836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64836" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5912.json b/2013/5xxx/CVE-2013-5912.json index 92bdd8a8be2..e7119cedf16 100644 --- a/2013/5xxx/CVE-2013-5912.json +++ b/2013/5xxx/CVE-2013-5912.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#893462", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/893462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#893462", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/893462" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5923.json b/2013/5xxx/CVE-2013-5923.json index 65a25c5e99f..c645d3198f4 100644 --- a/2013/5xxx/CVE-2013-5923.json +++ b/2013/5xxx/CVE-2013-5923.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5923", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5923", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5995.json b/2013/5xxx/CVE-2013-5995.json index 2e3073a48e2..75fbd0749dd 100644 --- a/2013/5xxx/CVE-2013-5995.json +++ b/2013/5xxx/CVE-2013-5995.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-5995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.ec-cube.net/open_trac/changeset/23274", - "refsource" : "CONFIRM", - "url" : "http://svn.ec-cube.net/open_trac/changeset/23274" - }, - { - "name" : "http://www.ec-cube.net/info/weakness/weakness.php?id=51", - "refsource" : "CONFIRM", - "url" : "http://www.ec-cube.net/info/weakness/weakness.php?id=51" - }, - { - "name" : "JVN#55630933", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN55630933/index.html" - }, - { - "name" : "JVNDB-2013-000106", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#55630933", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN55630933/index.html" + }, + { + "name": "JVNDB-2013-000106", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106" + }, + { + "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=51", + "refsource": "CONFIRM", + "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51" + }, + { + "name": "http://svn.ec-cube.net/open_trac/changeset/23274", + "refsource": "CONFIRM", + "url": "http://svn.ec-cube.net/open_trac/changeset/23274" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2271.json b/2014/2xxx/CVE-2014-2271.json index 01bffb31568..92a6ea34883 100644 --- a/2014/2xxx/CVE-2014-2271.json +++ b/2014/2xxx/CVE-2014-2271.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2271", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2271", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2802.json b/2014/2xxx/CVE-2014-2802.json index 1f2d4b45b34..bfb7d72085c 100644 --- a/2014/2xxx/CVE-2014-2802.json +++ b/2014/2xxx/CVE-2014-2802.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2806." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" - }, - { - "name" : "68384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68384" - }, - { - "name" : "1030532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030532" - }, - { - "name" : "59775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2806." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" + }, + { + "name": "59775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59775" + }, + { + "name": "68384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68384" + }, + { + "name": "1030532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030532" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0671.json b/2017/0xxx/CVE-2017-0671.json index 6c1287f6543..fa887700adf 100644 --- a/2017/0xxx/CVE-2017-0671.json +++ b/2017/0xxx/CVE-2017-0671.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0767.json b/2017/0xxx/CVE-2017-0767.json index 4ecbda330a6..e732297cb9b 100644 --- a/2017/0xxx/CVE-2017-0767.json +++ b/2017/0xxx/CVE-2017-0767.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100649" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000144.json b/2017/1000xxx/CVE-2017-1000144.json index a2ec61ea6d0..cb96739b37d 100644 --- a/2017/1000xxx/CVE-2017-1000144.json +++ b/2017/1000xxx/CVE-2017-1000144.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.355678", - "ID" : "CVE-2017-1000144", - "REQUESTER" : "info@mahara.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mahara", - "version" : { - "version_data" : [ - { - "version_value" : "<1.9.6, <1.10.4, <15.04.1" - } - ] - } - } - ] - }, - "vendor_name" : "Mahara" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.355678", + "ID": "CVE-2017-1000144", + "REQUESTER": "info@mahara.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1447377", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/mahara/+bug/1447377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mahara/+bug/1447377", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/mahara/+bug/1447377" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000388.json b/2017/1000xxx/CVE-2017-1000388.json index 82c81c3629c..0ee4d4f6aba 100644 --- a/2017/1000xxx/CVE-2017-1000388.json +++ b/2017/1000xxx/CVE-2017-1000388.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-11-17", - "ID" : "CVE-2017-1000388", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Dependency Graph Viewer Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "0.12 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Dependency Graph Viewer Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-11-17", + "ID": "CVE-2017-1000388", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-10-23/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-10-23/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-10-23/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-10-23/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12054.json b/2017/12xxx/CVE-2017-12054.json index bb82d0d6d50..aada05c8a0d 100644 --- a/2017/12xxx/CVE-2017-12054.json +++ b/2017/12xxx/CVE-2017-12054.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12054", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12054", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16433.json b/2017/16xxx/CVE-2017-16433.json index 1ce94a57b27..bf40edbeb57 100644 --- a/2017/16xxx/CVE-2017-16433.json +++ b/2017/16xxx/CVE-2017-16433.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16433", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16433", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16641.json b/2017/16xxx/CVE-2017-16641.json index 9ce119a1af5..5ae3a0f412c 100644 --- a/2017/16xxx/CVE-2017-16641.json +++ b/2017/16xxx/CVE-2017-16641.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Cacti/cacti/issues/1057", - "refsource" : "CONFIRM", - "url" : "https://github.com/Cacti/cacti/issues/1057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Cacti/cacti/issues/1057", + "refsource": "CONFIRM", + "url": "https://github.com/Cacti/cacti/issues/1057" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16676.json b/2017/16xxx/CVE-2017-16676.json index ad55d265d77..2f8116ee7a4 100644 --- a/2017/16xxx/CVE-2017-16676.json +++ b/2017/16xxx/CVE-2017-16676.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16676", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1174.json b/2017/1xxx/CVE-2017-1174.json index b0479433a49..8672857d3bc 100644 --- a/2017/1xxx/CVE-2017-1174.json +++ b/2017/1xxx/CVE-2017-1174.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-09T00:00:00", - "ID" : "CVE-2017-1174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2" - }, - { - "version_value" : "5.2.4" - }, - { - "version_value" : "5.2.1" - }, - { - "version_value" : "5.2.2" - }, - { - "version_value" : "5.2.3" - }, - { - "version_value" : "5.2.5" - }, - { - "version_value" : "5.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-09T00:00:00", + "ID": "CVE-2017-1174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2" + }, + { + "version_value": "5.2.4" + }, + { + "version_value": "5.2.1" + }, + { + "version_value": "5.2.2" + }, + { + "version_value": "5.2.3" + }, + { + "version_value": "5.2.5" + }, + { + "version_value": "5.2.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123296", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123296" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004268", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004268" - }, - { - "name" : "100246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004268", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004268" + }, + { + "name": "100246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100246" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123296", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123296" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1702.json b/2017/1xxx/CVE-2017-1702.json index 6618c052eaa..cc0773e2035 100644 --- a/2017/1xxx/CVE-2017-1702.json +++ b/2017/1xxx/CVE-2017-1702.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1702", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1702", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4138.json b/2017/4xxx/CVE-2017-4138.json index 944a8bc493f..d48e3546e9f 100644 --- a/2017/4xxx/CVE-2017-4138.json +++ b/2017/4xxx/CVE-2017-4138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4138", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4138", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4415.json b/2017/4xxx/CVE-2017-4415.json index 7c534033e85..864ea78032e 100644 --- a/2017/4xxx/CVE-2017-4415.json +++ b/2017/4xxx/CVE-2017-4415.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4415", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4415", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4424.json b/2017/4xxx/CVE-2017-4424.json index f43b972911d..98b7a789e02 100644 --- a/2017/4xxx/CVE-2017-4424.json +++ b/2017/4xxx/CVE-2017-4424.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4424", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4424", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4919.json b/2017/4xxx/CVE-2017-4919.json index 4407e8bf7c7..04d8c3e3327 100644 --- a/2017/4xxx/CVE-2017-4919.json +++ b/2017/4xxx/CVE-2017-4919.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2017-07-27T00:00:00", - "ID" : "CVE-2017-4919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VMware vCenter Server", - "version" : { - "version_data" : [ - { - "version_value" : "VMware vCenter Server 5.5.x, 6.0.x, 6.5.x" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthorized Access Heap buffer-overflow vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2017-07-27T00:00:00", + "ID": "CVE-2017-4919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VMware vCenter Server", + "version": { + "version_data": [ + { + "version_value": "VMware vCenter Server 5.5.x, 6.0.x, 6.5.x" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2017-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2017-0012.html" - }, - { - "name" : "100102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100102" - }, - { - "name" : "1039004", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthorized Access Heap buffer-overflow vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039004", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039004" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2017-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2017-0012.html" + }, + { + "name": "100102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100102" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5053.json b/2018/5xxx/CVE-2018-5053.json index c1893c7278b..c2d7b1b5d35 100644 --- a/2018/5xxx/CVE-2018-5053.json +++ b/2018/5xxx/CVE-2018-5053.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5658.json b/2018/5xxx/CVE-2018-5658.json index 444c65f0692..13ad593ec5a 100644 --- a/2018/5xxx/CVE-2018-5658.json +++ b/2018/5xxx/CVE-2018-5658.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9010", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/9010", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9010" + }, + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5849.json b/2018/5xxx/CVE-2018-5849.json index b064bedb7b3..a7b6966da83 100644 --- a/2018/5xxx/CVE-2018-5849.json +++ b/2018/5xxx/CVE-2018-5849.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-05-11T00:00:00", - "ID" : "CVE-2018-5849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in QTEE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-05-11T00:00:00", + "ID": "CVE-2018-5849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in QTEE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" + } + ] + } +} \ No newline at end of file