diff --git a/2001/0xxx/CVE-2001-0394.json b/2001/0xxx/CVE-2001-0394.json
index 61763a91c84..6060ac05262 100644
--- a/2001/0xxx/CVE-2001-0394.json
+++ b/2001/0xxx/CVE-2001-0394.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0394",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0394",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20010328 def-2001-15: Website Pro Remote Manager DoS",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html"
- },
- {
- "name" : "website-pro-remote-dos(6295)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6295"
- },
- {
- "name" : "5669",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/5669"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20010328 def-2001-15: Website Pro Remote Manager DoS",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html"
+ },
+ {
+ "name": "website-pro-remote-dos(6295)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6295"
+ },
+ {
+ "name": "5669",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/5669"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/0xxx/CVE-2001-0553.json b/2001/0xxx/CVE-2001-0553.json
index e1b06722fa1..951fd7e62dd 100644
--- a/2001/0xxx/CVE-2001-0553.json
+++ b/2001/0xxx/CVE-2001-0553.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0553",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use \"NP\" in the password field."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0553",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20010720 URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html"
- },
- {
- "name" : "http://www.ssh.com/products/ssh/exploit.cfm",
- "refsource" : "CONFIRM",
- "url" : "http://www.ssh.com/products/ssh/exploit.cfm"
- },
- {
- "name" : "VU#737451",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/737451"
- },
- {
- "name" : "L-121",
- "refsource" : "CIAC",
- "url" : "http://www.ciac.org/ciac/bulletins/l-121.shtml"
- },
- {
- "name" : "3078",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3078"
- },
- {
- "name" : "ssh-password-length-unauth-access(6868)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6868"
- },
- {
- "name" : "586",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/586"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use \"NP\" in the password field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20010720 URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html"
+ },
+ {
+ "name": "http://www.ssh.com/products/ssh/exploit.cfm",
+ "refsource": "CONFIRM",
+ "url": "http://www.ssh.com/products/ssh/exploit.cfm"
+ },
+ {
+ "name": "ssh-password-length-unauth-access(6868)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6868"
+ },
+ {
+ "name": "VU#737451",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/737451"
+ },
+ {
+ "name": "586",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/586"
+ },
+ {
+ "name": "L-121",
+ "refsource": "CIAC",
+ "url": "http://www.ciac.org/ciac/bulletins/l-121.shtml"
+ },
+ {
+ "name": "3078",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3078"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/0xxx/CVE-2001-0653.json b/2001/0xxx/CVE-2001-0653.json
index 8e06d282116..bcb52de1600 100644
--- a/2001/0xxx/CVE-2001-0653.json
+++ b/2001/0xxx/CVE-2001-0653.json
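Review bot: The `reference_data` array comes out in a different order on the new side (for example `ssh-password-length-unauth-access(6868)` moves from the sixth entry to the third) although no entry's `name`, `refsource` or `url` changes, so a formatting-only rewrite is mixed with a reordering that anyone diffing or hashing these records will likely see as a content change. Emitting the references in a stable order, either the previous one or sorted by `refsource` then `name`, would keep later diffs limited to real edits. The same reordering appears in the hunks for CVE-2001-0653, CVE-2001-1487, CVE-2001-1562, CVE-2006-2106, CVE-2006-2731 and CVE-2006-2997. Each complete hunk on this page also ends the new file with `\ No newline at end of file` where the old file had a trailing newline; keeping it avoids a spurious last-line change on the next edit.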
@@ -1,122 +1,122 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0653",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0653",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20010821 *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=99841063100516&w=2"
- },
- {
- "name" : "http://www.sendmail.org/8.11.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.sendmail.org/8.11.html"
- },
- {
- "name" : "CSSA-2001-032.0",
- "refsource" : "CALDERA",
- "url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2001-032.0.txt"
- },
- {
- "name" : "CLA-2001:412",
- "refsource" : "CONECTIVA",
- "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000412"
- },
- {
- "name" : "HPSBTL0112-007",
- "refsource" : "HP",
- "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-007"
- },
- {
- "name" : "IMNX-2001-70-032-01",
- "refsource" : "IMMUNIX",
- "url" : "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-032-01"
- },
- {
- "name" : "MDKSA-2001:075",
- "refsource" : "MANDRAKE",
- "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-075.php3"
- },
- {
- "name" : "NetBSD-SA2001-017",
- "refsource" : "NETBSD",
- "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-017.txt.asc"
- },
- {
- "name" : "RHSA-2001:106",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2001-106.html"
- },
- {
- "name" : "SuSE-SA:2001:028",
- "refsource" : "SUSE",
- "url" : "http://www.novell.com/linux/security/advisories/2001_028_sendmail_txt.html"
- },
- {
- "name" : "L-133",
- "refsource" : "CIAC",
- "url" : "http://www.ciac.org/ciac/bulletins/l-133.shtml"
- },
- {
- "name" : "3163",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3163"
- },
- {
- "name" : "sendmail-debug-signed-int-overflow(7016)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7016"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "MDKSA-2001:075",
+ "refsource": "MANDRAKE",
+ "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-075.php3"
+ },
+ {
+ "name": "NetBSD-SA2001-017",
+ "refsource": "NETBSD",
+ "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-017.txt.asc"
+ },
+ {
+ "name": "SuSE-SA:2001:028",
+ "refsource": "SUSE",
+ "url": "http://www.novell.com/linux/security/advisories/2001_028_sendmail_txt.html"
+ },
+ {
+ "name": "sendmail-debug-signed-int-overflow(7016)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7016"
+ },
+ {
+ "name": "3163",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3163"
+ },
+ {
+ "name": "CSSA-2001-032.0",
+ "refsource": "CALDERA",
+ "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-032.0.txt"
+ },
+ {
+ "name": "RHSA-2001:106",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2001-106.html"
+ },
+ {
+ "name": "IMNX-2001-70-032-01",
+ "refsource": "IMMUNIX",
+ "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-032-01"
+ },
+ {
+ "name": "L-133",
+ "refsource": "CIAC",
+ "url": "http://www.ciac.org/ciac/bulletins/l-133.shtml"
+ },
+ {
+ "name": "20010821 *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=99841063100516&w=2"
+ },
+ {
+ "name": "HPSBTL0112-007",
+ "refsource": "HP",
+ "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-007"
+ },
+ {
+ "name": "CLA-2001:412",
+ "refsource": "CONECTIVA",
+ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000412"
+ },
+ {
+ "name": "http://www.sendmail.org/8.11.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.sendmail.org/8.11.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/1xxx/CVE-2001-1487.json b/2001/1xxx/CVE-2001-1487.json
index 8ce952db1df..5b7e690e615 100644
--- a/2001/1xxx/CVE-2001-1487.json
+++ b/2001/1xxx/CVE-2001-1487.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-1487",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-1487",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20011217 Advisory: popauth",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/246069"
- },
- {
- "name" : "qpopper-popauth-symlink(7707)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7707"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "qpopper-popauth-symlink(7707)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7707"
+ },
+ {
+ "name": "20011217 Advisory: popauth",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/246069"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/1xxx/CVE-2001-1562.json b/2001/1xxx/CVE-2001-1562.json
index bf39e6c38b2..dcd0e48a3ba 100644
--- a/2001/1xxx/CVE-2001-1562.json
+++ b/2001/1xxx/CVE-2001-1562.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-1562",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-1562",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "DSA-085",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2001/dsa-085"
- },
- {
- "name" : "SuSE-SA:2001:040",
- "refsource" : "SUSE",
- "url" : "http://marc.info/?l=bugtraq&m=100526142205694&w=2"
- },
- {
- "name" : "3456",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3456"
- },
- {
- "name" : "nvi-format-string(7317)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/7317.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "SuSE-SA:2001:040",
+ "refsource": "SUSE",
+ "url": "http://marc.info/?l=bugtraq&m=100526142205694&w=2"
+ },
+ {
+ "name": "DSA-085",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2001/dsa-085"
+ },
+ {
+ "name": "3456",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3456"
+ },
+ {
+ "name": "nvi-format-string(7317)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/7317.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/2xxx/CVE-2006-2106.json b/2006/2xxx/CVE-2006-2106.json
index c3f64a813f2..cca3de17865 100644
--- a/2006/2xxx/CVE-2006-2106.json
+++ b/2006/2xxx/CVE-2006-2106.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-2106",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a \"wiki macro.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-2106",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.edgewall.com/blog/news/trac_0_9_5.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.edgewall.com/blog/news/trac_0_9_5.html"
- },
- {
- "name" : "JVN#84091359",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/jp/JVN%2384091359/index.html"
- },
- {
- "name" : "17741",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/17741"
- },
- {
- "name" : "ADV-2006-1557",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/1557"
- },
- {
- "name" : "1015986",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1015986"
- },
- {
- "name" : "19870",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/19870"
- },
- {
- "name" : "trac-wiki-engine-xss(26125)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26125"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a \"wiki macro.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "19870",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/19870"
+ },
+ {
+ "name": "JVN#84091359",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/jp/JVN%2384091359/index.html"
+ },
+ {
+ "name": "trac-wiki-engine-xss(26125)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26125"
+ },
+ {
+ "name": "http://www.edgewall.com/blog/news/trac_0_9_5.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.edgewall.com/blog/news/trac_0_9_5.html"
+ },
+ {
+ "name": "ADV-2006-1557",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/1557"
+ },
+ {
+ "name": "1015986",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1015986"
+ },
+ {
+ "name": "17741",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/17741"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/2xxx/CVE-2006-2731.json b/2006/2xxx/CVE-2006-2731.json
index 4180d0c0a1f..f36f8a745d0 100644
--- a/2006/2xxx/CVE-2006-2731.json
+++ b/2006/2xxx/CVE-2006-2731.json
@@ -1,172 +1,172 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-2731",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-2731",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060528 Advisory: Enigma Haber <= 4.3 Multiple Remote SQL InjectionVulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/435282/100/0/threaded"
- },
- {
- "name" : "http://www.nukedx.com/?getxpl=34",
- "refsource" : "MISC",
- "url" : "http://www.nukedx.com/?getxpl=34"
- },
- {
- "name" : "http://www.nukedx.com/?viewdoc=34",
- "refsource" : "MISC",
- "url" : "http://www.nukedx.com/?viewdoc=34"
- },
- {
- "name" : "18148",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/18148"
- },
- {
- "name" : "ADV-2006-2032",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/2032"
- },
- {
- "name" : "26106",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26106"
- },
- {
- "name" : "26107",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26107"
- },
- {
- "name" : "26111",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26111"
- },
- {
- "name" : "26112",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26112"
- },
- {
- "name" : "26113",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26113"
- },
- {
- "name" : "26114",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26114"
- },
- {
- "name" : "26115",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26115"
- },
- {
- "name" : "26116",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26116"
- },
- {
- "name" : "26117",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26117"
- },
- {
- "name" : "26118",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26118"
- },
- {
- "name" : "26119",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26119"
- },
- {
- "name" : "26108",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26108"
- },
- {
- "name" : "26109",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26109"
- },
- {
- "name" : "26110",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/26110"
- },
- {
- "name" : "1016171",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016171"
- },
- {
- "name" : "20357",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/20357"
- },
- {
- "name" : "1003",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/1003"
- },
- {
- "name" : "enigmahaber-multiple-sql-injection(26837)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26837"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "26109",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26109"
+ },
+ {
+ "name": "26119",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26119"
+ },
+ {
+ "name": "26115",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26115"
+ },
+ {
+ "name": "26107",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26107"
+ },
+ {
+ "name": "20060528 Advisory: Enigma Haber <= 4.3 Multiple Remote SQL InjectionVulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/435282/100/0/threaded"
+ },
+ {
+ "name": "enigmahaber-multiple-sql-injection(26837)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26837"
+ },
+ {
+ "name": "26110",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26110"
+ },
+ {
+ "name": "26108",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26108"
+ },
+ {
+ "name": "1016171",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016171"
+ },
+ {
+ "name": "ADV-2006-2032",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/2032"
+ },
+ {
+ "name": "1003",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/1003"
+ },
+ {
+ "name": "26111",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26111"
+ },
+ {
+ "name": "http://www.nukedx.com/?getxpl=34",
+ "refsource": "MISC",
+ "url": "http://www.nukedx.com/?getxpl=34"
+ },
+ {
+ "name": "26112",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26112"
+ },
+ {
+ "name": "26116",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26116"
+ },
+ {
+ "name": "26117",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26117"
+ },
+ {
+ "name": "http://www.nukedx.com/?viewdoc=34",
+ "refsource": "MISC",
+ "url": "http://www.nukedx.com/?viewdoc=34"
+ },
+ {
+ "name": "18148",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/18148"
+ },
+ {
+ "name": "26106",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26106"
+ },
+ {
+ "name": "26114",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26114"
+ },
+ {
+ "name": "26113",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26113"
+ },
+ {
+ "name": "26118",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/26118"
+ },
+ {
+ "name": "20357",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/20357"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/2xxx/CVE-2006-2997.json b/2006/2xxx/CVE-2006-2997.json
index 1ada4977a68..ca3a4e62d70 100644
--- a/2006/2xxx/CVE-2006-2997.json
+++ b/2006/2xxx/CVE-2006-2997.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-2997",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-2997",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060610 [MajorSecurity #12]ZMS<= 2.9 - XSS",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/436703/100/0/threaded"
- },
- {
- "name" : "http://www.majorsecurity.de/advisory/major_rls12.txt",
- "refsource" : "MISC",
- "url" : "http://www.majorsecurity.de/advisory/major_rls12.txt"
- },
- {
- "name" : "ADV-2006-2279",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/2279"
- },
- {
- "name" : "1016275",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016275"
- },
- {
- "name" : "20585",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/20585"
- },
- {
- "name" : "1093",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/1093"
- },
- {
- "name" : "zms-searchform-xss(27055)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27055"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.majorsecurity.de/advisory/major_rls12.txt",
+ "refsource": "MISC",
+ "url": "http://www.majorsecurity.de/advisory/major_rls12.txt"
+ },
+ {
+ "name": "20585",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/20585"
+ },
+ {
+ "name": "1016275",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016275"
+ },
+ {
+ "name": "1093",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/1093"
+ },
+ {
+ "name": "20060610 [MajorSecurity #12]ZMS<= 2.9 - XSS",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/436703/100/0/threaded"
+ },
+ {
+ "name": "ADV-2006-2279",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/2279"
+ },
+ {
+ "name": "zms-searchform-xss(27055)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27055"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/6xxx/CVE-2006-6011.json b/2006/6xxx/CVE-2006-6011.json
index a65ad6afa27..b4d590c08c9 100644
--- a/2006/6xxx/CVE-2006-6011.json
+++ b/2006/6xxx/CVE-2006-6011.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka \"two bytes UDP crash,\" a different vulnerability than CVE-2006-5785." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061112 Old SAP exploits", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451378/100/0/threaded" - }, - { - "name" : "1889", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka \"two bytes UDP crash,\" a different vulnerability than 
CVE-2006-5785." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1889", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1889" + }, + { + "name": "20061112 Old SAP exploits", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6499.json b/2006/6xxx/CVE-2006-6499.json index 548dcac32c5..73bfa189477 100644 --- a/2006/6xxx/CVE-2006-6499.json +++ b/2006/6xxx/CVE-2006-6499.json 
@@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-6499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html" - }, - { - "name" : "DSA-1253", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1253" - }, - { - "name" : "DSA-1258", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1258" - }, - { - "name" : "DSA-1265", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1265" - }, - { - "name" : "GLSA-200701-02", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-200701-02.xml" - }, - { - "name" : "GLSA-200701-04", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "102846", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1" - }, - { - "name" : "SUSE-SA:2006:080", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" - }, - { - "name" : "SUSE-SA:2007:006", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" - }, - { - "name" : "USN-398-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-398-1" - }, - { - "name" : "USN-398-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-398-2" - }, - { - "name" : "USN-400-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-400-1" - }, - { - "name" : "TA06-354A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" - }, - { - "name" : "VU#427972", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/427972" - }, - { - "name" : "21668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21668" - }, - { - "name" : "ADV-2006-5068", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5068" - }, - { - "name" : "ADV-2007-1124", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1124" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1017398", - "refsource" : "SECTRACK", 
- "url" : "http://securitytracker.com/id?1017398" - }, - { - "name" : "1017405", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017405" - }, - { - "name" : "1017406", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017406" - }, - { - "name" : "23282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23282" - }, - { - "name" : "23420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23420" - }, - { - "name" : "23422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23422" - }, - { - "name" : "23589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23589" - }, - { - "name" : "23545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23545" - }, - { - "name" : "23591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23591" - }, - { - "name" : "23614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23614" - }, - { - "name" : "23692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23692" - }, - { - "name" : "23672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23672" - }, - { - "name" : "23988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23988" - }, - { - "name" : "24078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24078" - }, - { - "name" : "24390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the 
precision." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21668" + }, + { + "name": "23672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23672" + }, + { + "name": "ADV-2006-5068", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5068" + }, + { + "name": "1017398", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017398" + }, + { + "name": "DSA-1265", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1265" + }, + { + "name": "24078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24078" + }, + { + "name": "23692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23692" + }, + { + "name": "USN-398-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-398-2" + }, + { + "name": "GLSA-200701-04", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" + }, + { + "name": "23282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23282" + }, + { + "name": "24390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24390" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-68.html" + }, + { + "name": "23422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23422" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "23591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23591" + }, + { + "name": "ADV-2007-1124", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2007/1124" + }, + { + "name": "1017405", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017405" + }, + { + "name": "23614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23614" + }, + { + "name": "1017406", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017406" + }, + { + "name": "USN-398-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-398-1" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "23420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23420" + }, + { + "name": "SUSE-SA:2006:080", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" + }, + { + "name": "VU#427972", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/427972" + }, + { + "name": "23545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23545" + }, + { + "name": "102846", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1" + }, + { + "name": "TA06-354A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" + }, + { + "name": "23589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23589" + }, + { + "name": "DSA-1253", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1253" + }, + { + "name": "DSA-1258", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1258" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "SUSE-SA:2007:006", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" + }, + { + "name": "23988", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/23988" + }, + { + "name": "GLSA-200701-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml" + }, + { + "name": "USN-400-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-400-1" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5944.json b/2008/5xxx/CVE-2008-5944.json index f52d9f7ad1d..a6938689be7 100644 --- a/2008/5xxx/CVE-2008-5944.json +++ b/2008/5xxx/CVE-2008-5944.json 
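Review bot: The `"ASSIGNER"` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, but that single semantic edit is buried in a 232-line whole-file rewrite that also changes the key/colon spacing and reorders every `reference_data` entry. The same applies to the hunks for CVE-2011-2435 (`psirt@adobe.com`), CVE-2011-2841 (`security@google.com`) and CVE-2011-3450 (`product-security@apple.com`). Anyone auditing the provenance of these records cannot tell the attribution change from formatting noise, so it would be better landed separately from the formatting pass, or at least named in the commit message. The new reference order does not appear to be sorted by `refsource` or `name`; keeping the previous order, or sorting on a stable key, would stop later regenerations from producing full-file diffs. The new side also ends with `\ No newline at end of file`, where a trailing newline is the usual convention for files under version control.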
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0808-exploits/navboard-lfixss.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0808-exploits/navboard-lfixss.txt" - }, - { - "name" : "30687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30687" - }, - { - "name" : "31463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31463" - }, - { - "name" : "navboard-modules-xss(44451)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in modules.php 
in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "navboard-modules-xss(44451)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44451" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0808-exploits/navboard-lfixss.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0808-exploits/navboard-lfixss.txt" + }, + { + "name": "30687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30687" + }, + { + "name": "31463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31463" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2155.json b/2011/2xxx/CVE-2011-2155.json index 15b9aca26a6..222d04e32db 100644 --- a/2011/2xxx/CVE-2011-2155.json +++ b/2011/2xxx/CVE-2011-2155.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MORO-8GYQR4", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/MORO-8GYQR4" - }, - { - "name" : "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html" - }, - { - "name" : "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html" - }, - { - "name" : "VU#240150", - "refsource" 
: "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/240150" - }, - { - "name" : "smarterstats-login-security-bypass(67827)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html" + }, + { + "name": "smarterstats-login-security-bypass(67827)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67827" + }, + { + "name": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4" + }, + { + "name": "VU#240150", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/240150" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2214.json b/2011/2xxx/CVE-2011-2214.json index 40a6375cb4a..7f8bb4edf68 100644 --- a/2011/2xxx/CVE-2011-2214.json +++ b/2011/2xxx/CVE-2011-2214.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Open Database Connectivity (ODBC) component in 7T Interactive Graphical SCADA System (IGSS) before 9.0.0.11143 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 20222, which triggers memory corruption related to an \"invalid structure being used.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110524 VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518110/100/0/threaded" - }, - { - "name" : "47960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47960" - }, - { - "name" : "8265", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the Open Database Connectivity (ODBC) component in 7T Interactive Graphical SCADA System (IGSS) before 9.0.0.11143 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 20222, which triggers memory corruption related to an \"invalid structure being used.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110524 VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518110/100/0/threaded" + }, + { + "name": "8265", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8265" + }, + { + "name": "47960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47960" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2435.json b/2011/2xxx/CVE-2011-2435.json index 0e9aecde4ab..c0028e02348 100644 --- a/2011/2xxx/CVE-2011-2435.json +++ b/2011/2xxx/CVE-2011-2435.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html" - }, - { - "name" : "SUSE-SA:2011:044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html" - }, - { - "name" : "SUSE-SU-2011:1239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2011:1238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html" - }, - { - "name" : "oval:org.mitre.oval:def:14143", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-24.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-24.html" + }, + { + "name": "SUSE-SU-2011:1239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html" + }, + { + "name": "SUSE-SA:2011:044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html" + }, + { + "name": "openSUSE-SU-2011:1238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html" + }, + { + "name": "oval:org.mitre.oval:def:14143", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14143" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2523.json b/2011/2xxx/CVE-2011-2523.json index 1fc87906c57..2ad858e4213 100644 --- a/2011/2xxx/CVE-2011-2523.json +++ b/2011/2xxx/CVE-2011-2523.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2523", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2523", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2841.json b/2011/2xxx/CVE-2011-2841.json index cb516129024..079c0522713 100644 --- a/2011/2xxx/CVE-2011-2841.json +++ b/2011/2xxx/CVE-2011-2841.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17929", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/17929/" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=78639", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=78639" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" - }, - { - "name" : "75541", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75541" - }, - { - "name" : "oval:org.mitre.oval:def:14019", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14019" - }, - { - "name" : "8411", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8411" - }, - { - "name" : "chrome-garbage-dos(69868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14019", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14019" + }, + { + "name": "chrome-garbage-dos(69868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69868" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=78639", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=78639" + }, + { + "name": "75541", + "refsource": "OSVDB", + "url": "http://osvdb.org/75541" + }, + { + "name": "8411", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8411" + }, + { + "name": "17929", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/17929/" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/3xxx/CVE-2011-3450.json b/2011/3xxx/CVE-2011-3450.json index 5ab73d661af..9a1eb62cc4f 100644 --- a/2011/3xxx/CVE-2011-3450.json +++ b/2011/3xxx/CVE-2011-3450.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application 
crash) via a long URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3725.json b/2011/3xxx/CVE-2011-3725.json index 30f04ff3949..5e0d1b4f500 100644 --- a/2011/3xxx/CVE-2011-3725.json +++ b/2011/3xxx/CVE-2011-3725.json 
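Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `product-security@apple.com` near the top of this hunk while every other line is only re-spaced, so the one change of meaning is easy to miss in a 67-line rewrite. Tools that attribute a record to its CNA from this field will see the owner change. That deserves its own commit, or at least a line in the commit message such as `CVE-2011-3450: ASSIGNER cve@mitre.org -> product-security@apple.com`. The same pattern appears in the hunks for CVE-2013-0985, CVE-2013-1328, CVE-2013-1339 and CVE-2013-1989, and in the visible start of the CVE-2013-5537 hunk.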
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by header_html.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/deluxebb-1.3", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/deluxebb-1.3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by header_html.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/deluxebb-1.3", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/deluxebb-1.3" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3745.json b/2011/3xxx/CVE-2011-3745.json index f949c7feb47..32d7ce13a18 100644 --- a/2011/3xxx/CVE-2011-3745.json +++ b/2011/3xxx/CVE-2011-3745.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus_template/template.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/hycuscms-1.0.3", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/hycuscms-1.0.3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus_template/template.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/hycuscms-1.0.3", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/hycuscms-1.0.3" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4199.json b/2011/4xxx/CVE-2011-4199.json index 6152c742cb1..898013bedab 100644 --- a/2011/4xxx/CVE-2011-4199.json +++ b/2011/4xxx/CVE-2011-4199.json 
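Review bot: The two `MISC` entries in `reference_data` swap places with no change to their content, and the new order does not appear to follow any key (compare CVE-2013-1328, which ends up `CERT`, `OVAL`, `MS`, with CVE-2013-1339, which ends up `OVAL`, `MS`, `CERT`). The reordering therefore looks like a side effect of the writer rather than an edit. Emitting references in a stable order, for example sorted by `url`, would keep later diffs limited to references actually added or removed. The new file also ends with `\ No newline at end of file`; writing a final newline after the closing `}` avoids a spurious last-line change on the next edit. Reordering without content change also occurs in CVE-2011-4669, CVE-2013-1989 and CVE-2013-5209, and the missing final newline is in every file whose end is visible here.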
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4199", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4199", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4395.json b/2011/4xxx/CVE-2011-4395.json index 46c0fd4de3d..f6ef4f19b3f 100644 --- a/2011/4xxx/CVE-2011-4395.json +++ b/2011/4xxx/CVE-2011-4395.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4395", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4395", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4669.json b/2011/4xxx/CVE-2011-4669.json index ae435711d28..4732166caa8 100644 --- a/2011/4xxx/CVE-2011-4669.json +++ b/2011/4xxx/CVE-2011-4669.json 
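Review bot: The rewritten record puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and lists `ID` before `ASSIGNER`. The other records rewritten here start with `CVE_data_meta` in the order `ASSIGNER`, `ID`, `STATE`, and use `data_format`, `data_type`, `data_version`. Key order carries no meaning for a JSON parser, but the difference suggests this file came through a different writer, and anything that hashes or diffs the raw text will treat it as a change. Emitting it in the same order as the others, starting `"CVE_data_meta": {` then `"ASSIGNER": "cve@mitre.org",` then `"ID": "CVE-2011-4395",`, keeps the normalisation uniform.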
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plugins.trac.wordpress.org/changeset/448261/wordpress-users", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset/448261/wordpress-users" - }, - { - "name" : "http://wordpress.org/extend/plugins/wordpress-users/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/wordpress-users/" - }, - { - "name" : "50174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50174" - }, - { - "name" : "46442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46442" - }, - { - "name" : "users-index-sql-injection(70683)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70683" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "users-index-sql-injection(70683)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70683" + }, + { + "name": "50174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50174" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset/448261/wordpress-users", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset/448261/wordpress-users" + }, + { + "name": "http://wordpress.org/extend/plugins/wordpress-users/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/wordpress-users/" + }, + { + "name": "46442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46442" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0180.json b/2013/0xxx/CVE-2013-0180.json index 03ed1edf81c..8b3c8df7e5e 100644 --- a/2013/0xxx/CVE-2013-0180.json +++ b/2013/0xxx/CVE-2013-0180.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0180", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0180", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0985.json b/2013/0xxx/CVE-2013-0985.json index 55402442284..454ab0d81c8 100644 --- a/2013/0xxx/CVE-2013-0985.json +++ b/2013/0xxx/CVE-2013-0985.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-0985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5784", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5784" - }, - { - "name" : "APPLE-SA-2013-06-04-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5784", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5784" + }, + { + "name": "APPLE-SA-2013-06-04-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1328.json b/2013/1xxx/CVE-2013-1328.json index 1b9decf3ff5..6791bbe83a0 100644 --- a/2013/1xxx/CVE-2013-1328.json +++ b/2013/1xxx/CVE-2013-1328.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka \"Publisher Pointer Handling Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042" - }, - { - "name" : "TA13-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" - }, - { - "name" : "oval:org.mitre.oval:def:16765", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary 
code via a crafted Publisher file that triggers incorrect pointer handling, aka \"Publisher Pointer Handling Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" + }, + { + "name": "oval:org.mitre.oval:def:16765", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16765" + }, + { + "name": "MS13-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1339.json b/2013/1xxx/CVE-2013-1339.json index fe805133438..2c1e24957cd 100644 --- a/2013/1xxx/CVE-2013-1339.json +++ b/2013/1xxx/CVE-2013-1339.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka \"Print Spooler Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-050" - }, - { - "name" : "TA13-168A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-168A" - }, - { - "name" : "oval:org.mitre.oval:def:16837", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka \"Print Spooler Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16837", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16837" + }, + { + "name": "MS13-050", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-050" + }, + { + "name": "TA13-168A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1989.json b/2013/1xxx/CVE-2013-1989.json index 6d193194546..c9c92675798 100644 --- a/2013/1xxx/CVE-2013-1989.json +++ b/2013/1xxx/CVE-2013-1989.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/23/3" - }, - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" - }, - { - "name" : "DSA-2674", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2674" - }, - { - "name" : "FEDORA-2013-9066", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106889.html" - }, - { - "name" : "openSUSE-SU-2013:1010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00140.html" - }, - { - "name" : "USN-1867-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1867-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2013-9066", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106889.html" + }, + { + "name": "USN-1867-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1867-1" + }, + { + "name": "openSUSE-SU-2013:1010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00140.html" + }, + { + "name": "DSA-2674", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2674" + }, + { + "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", + "refsource": "CONFIRM", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/5xxx/CVE-2013-5209.json b/2013/5xxx/CVE-2013-5209.json
index c4ec2d9c96a..41f7aaaa952 100644
--- a/2013/5xxx/CVE-2013-5209.json
+++ b/2013/5xxx/CVE-2013-5209.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=905080", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=905080" - }, - { - "name" : "http://svnweb.freebsd.org/base?view=revision&revision=254338", - "refsource" : "CONFIRM", - "url" : "http://svnweb.freebsd.org/base?view=revision&revision=254338" - }, - { - "name" : "FreeBSD-SA-13:10", - "refsource" : "FREEBSD", - "url" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:10.sctp.asc" - }, - { - "name" : "61939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61939" - }, - { - 
"name" : "1028940", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-13:10", + "refsource": "FREEBSD", + "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:10.sctp.asc" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=905080", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=905080" + }, + { + "name": "1028940", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028940" + }, + { + "name": "61939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61939" + }, + { + "name": "http://svnweb.freebsd.org/base?view=revision&revision=254338", + "refsource": "CONFIRM", + "url": "http://svnweb.freebsd.org/base?view=revision&revision=254338" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5537.json b/2013/5xxx/CVE-2013-5537.json index 506520b15a5..d385c1e8038 100644 --- a/2013/5xxx/CVE-2013-5537.json +++ b/2013/5xxx/CVE-2013-5537.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131022 Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state 
of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131022 Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5537" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5697.json b/2013/5xxx/CVE-2013-5697.json index 1b920c1e59d..5ab56ce7e5e 100644 --- a/2013/5xxx/CVE-2013-5697.json +++ b/2013/5xxx/CVE-2013-5697.json 
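Review bot: The `"ASSIGNER"` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@cisco.com` in this hunk, and it is the only change of record content among lines that are otherwise rewritten just for key spacing (`" : "` to `": "`), so the reassignment is easy to miss in review. The hunks for CVE-2014-2121 (to `psirt@cisco.com`), CVE-2014-2760 (to `secure@microsoft.com`), and CVE-2017-0505 and CVE-2017-0839 (`security@google.com` to `security@android.com`) follow the same pattern. Because this field attributes the entry to an assigning organisation, I would move the reassignments into a commit of their own, or at least name them in the commit message, so that attribution changes can be audited separately from formatting. The new side also ends with `\ No newline at end of file`; keeping a final newline after the closing `}` would avoid a spurious last-line change on the next edit.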
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.baesystemsdetica.com.au/Research/Advisories/mod_accounting-Blind-SQL-Injection-%28DS-2013-006%29", - "refsource" : "MISC", - "url" : "http://www.baesystemsdetica.com.au/Research/Advisories/mod_accounting-Blind-SQL-Injection-%28DS-2013-006%29" - }, - { - "name" : "97588", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97588", + "refsource": "OSVDB", + "url": "http://osvdb.org/97588" + }, + { + "name": "http://www.baesystemsdetica.com.au/Research/Advisories/mod_accounting-Blind-SQL-Injection-%28DS-2013-006%29", + "refsource": "MISC", + "url": "http://www.baesystemsdetica.com.au/Research/Advisories/mod_accounting-Blind-SQL-Injection-%28DS-2013-006%29" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5959.json b/2013/5xxx/CVE-2013-5959.json index d562a586ecb..3fc994b53f1 100644 --- a/2013/5xxx/CVE-2013-5959.json +++ b/2013/5xxx/CVE-2013-5959.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA75", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA75" - }, - { - "name" : "97767", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97767" - }, - { - "name" : "1029088", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029088" - }, - { - "name" : "54991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blue Coat ProxySG before 
6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54991" + }, + { + "name": "97767", + "refsource": "OSVDB", + "url": "http://osvdb.org/97767" + }, + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA75", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA75" + }, + { + "name": "1029088", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029088" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2057.json b/2014/2xxx/CVE-2014-2057.json index 2a3878e65a8..f66585e7742 100644 --- a/2014/2xxx/CVE-2014-2057.json +++ b/2014/2xxx/CVE-2014-2057.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2014-007/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2014-007/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2014-007/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2014-007/" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2121.json b/2014/2xxx/CVE-2014-2121.json index 1350d00fbfe..76fe9fa7741 100644 --- a/2014/2xxx/CVE-2014-2121.json +++ b/2014/2xxx/CVE-2014-2121.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140318 Cisco Hosted Collaboration Solution Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2121" - }, - { - "name" : "66283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66283" - }, - { - "name" : "1029933", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers 
to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140318 Cisco Hosted Collaboration Solution Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2121" + }, + { + "name": "66283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66283" + }, + { + "name": "1029933", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029933" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2268.json b/2014/2xxx/CVE-2014-2268.json index d5a7f5bdea6..09303846242 100644 --- a/2014/2xxx/CVE-2014-2268.json +++ b/2014/2xxx/CVE-2014-2268.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32794", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32794" - }, - { - "name" : "[Vtigercrm-developers] 20140316 IMP: forgot password and re-installation security fix", - "refsource" : "MLIST", - "url" : "http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html" - }, - { - "name" : "https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html", - "refsource" : "MISC", - "url" : 
"https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html" - }, - { - "name" : "66757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66757" + }, + { + "name": "https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html", + "refsource": "MISC", + "url": "https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html" + }, + { + "name": "[Vtigercrm-developers] 20140316 IMP: forgot password and re-installation security fix", + "refsource": "MLIST", + "url": "http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html" + }, + { + "name": "32794", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32794" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2760.json b/2014/2xxx/CVE-2014-2760.json index 040a61a0ba7..39e891b4f71 100644 --- a/2014/2xxx/CVE-2014-2760.json +++ b/2014/2xxx/CVE-2014-2760.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67846" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows 
remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "67846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67846" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0505.json b/2017/0xxx/CVE-2017-0505.json index 42478a69187..1cec7e3ba63 100644 --- a/2017/0xxx/CVE-2017-0505.json +++ b/2017/0xxx/CVE-2017-0505.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31822282. References: M-ALPS02992041." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96726" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31822282. References: M-ALPS02992041." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96726" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0839.json b/2017/0xxx/CVE-2017-0839.json index 97ff722a3b2..5f31b7baafb 100644 --- a/2017/0xxx/CVE-2017-0839.json +++ b/2017/0xxx/CVE-2017-0839.json 
@@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-11-01" - }, - { - "name" : "101717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-11-01" + }, + { + "name": "101717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101717" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12023.json b/2017/12xxx/CVE-2017-12023.json index 365d47e7032..473edc6b27f 100644 --- a/2017/12xxx/CVE-2017-12023.json +++ b/2017/12xxx/CVE-2017-12023.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12023", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12023", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12070.json b/2017/12xxx/CVE-2017-12070.json index 64086efd0ae..ee68616b2b6 100644 --- a/2017/12xxx/CVE-2017-12070.json +++ b/2017/12xxx/CVE-2017-12070.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf", - "refsource" : "CONFIRM", - "url" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf", + "refsource": "CONFIRM", + "url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12891.json b/2017/12xxx/CVE-2017-12891.json index 10c40d3f988..f42d598d309 100644 --- a/2017/12xxx/CVE-2017-12891.json +++ b/2017/12xxx/CVE-2017-12891.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12891", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12891", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16088.json b/2017/16xxx/CVE-2017-16088.json index a05af53bc54..311bae2eda2 100644 --- a/2017/16xxx/CVE-2017-16088.json +++ b/2017/16xxx/CVE-2017-16088.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "safe-eval node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Externally Controlled Reference to a Resource in Another Sphere (CWE-610)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "safe-eval node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hacksparrow/safe-eval/issues/5", - "refsource" : "MISC", - "url" : "https://github.com/hacksparrow/safe-eval/issues/5" - }, - { - "name" : "https://github.com/patriksimek/vm2/issues/59", - "refsource" : "MISC", - "url" : "https://github.com/patriksimek/vm2/issues/59" - }, - { - "name" : "https://nodesecurity.io/advisories/337", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/337" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Externally Controlled Reference to a Resource in Another Sphere (CWE-610)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/patriksimek/vm2/issues/59", + "refsource": "MISC", + "url": "https://github.com/patriksimek/vm2/issues/59" + }, + { + "name": "https://github.com/hacksparrow/safe-eval/issues/5", + "refsource": "MISC", + "url": "https://github.com/hacksparrow/safe-eval/issues/5" + }, + { + "name": "https://nodesecurity.io/advisories/337", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/337" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16601.json b/2017/16xxx/CVE-2017-16601.json index 7960c9b92da..3d1060cfb52 100644 --- a/2017/16xxx/CVE-2017-16601.json +++ b/2017/16xxx/CVE-2017-16601.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetGain Systems Enterprise Manager", - "version" : { - "version_data" : [ - { - "version_value" : "7.2.730 build 1034" - } - ] - } - } - ] - }, - "vendor_name" : "NetGain Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.service.service_005ffailures_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5192." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetGain Systems Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "7.2.730 build 1034" + } + ] + } + } + ] + }, + "vendor_name": "NetGain Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-966", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.service.service_005ffailures_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5192." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-966", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-966" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16700.json b/2017/16xxx/CVE-2017-16700.json index ea6692a3f7f..2fb2f1c001c 100644 --- a/2017/16xxx/CVE-2017-16700.json +++ b/2017/16xxx/CVE-2017-16700.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16700", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16700", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16889.json b/2017/16xxx/CVE-2017-16889.json index 356521b956c..b979a00ae40 100644 --- a/2017/16xxx/CVE-2017-16889.json +++ b/2017/16xxx/CVE-2017-16889.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-16889",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-16889",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4016.json b/2017/4xxx/CVE-2017-4016.json
index cc2574efe76..8dbf110794a 100644
--- a/2017/4xxx/CVE-2017-4016.json
+++ b/2017/4xxx/CVE-2017-4016.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2017-4016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Data Loss Prevention (NDLP)", - "version" : { - "version_data" : [ - { - "version_value" : "9.3.x" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Web Server method disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2017-4016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Data Loss Prevention (NDLP)", + "version": { + "version_data": [ + { + "version_value": "9.3.x" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10198", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10198" - }, - { - "name" : "1038523", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Web Server method disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198" + }, + { + "name": "1038523", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038523" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4034.json b/2017/4xxx/CVE-2017-4034.json index 2fa2dad8b47..fbf83df59f2 100644 --- a/2017/4xxx/CVE-2017-4034.json +++ b/2017/4xxx/CVE-2017-4034.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4034", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4034", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4358.json b/2017/4xxx/CVE-2017-4358.json index 9613baaee87..4b200325b73 100644 --- a/2017/4xxx/CVE-2017-4358.json +++ b/2017/4xxx/CVE-2017-4358.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4358",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4358",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4675.json b/2017/4xxx/CVE-2017-4675.json
index a131d3ddc5b..9a823f9f359 100644
--- a/2017/4xxx/CVE-2017-4675.json
+++ b/2017/4xxx/CVE-2017-4675.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4675",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4675",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5119.json b/2018/5xxx/CVE-2018-5119.json
index d50d9dd95a2..a75cd1e5a32 100644
--- a/2018/5xxx/CVE-2018-5119.json
+++ b/2018/5xxx/CVE-2018-5119.json
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "58" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reader view will load cross-origin content in violation of CORS headers" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "58" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1420507", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1420507" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/" - }, - { - "name" : "USN-3544-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3544-1/" - }, - { - "name" : "102786", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/102786" - }, - { - "name" : "1040270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reader view will load cross-origin content in violation of CORS headers" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040270" + }, + { + "name": "USN-3544-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3544-1/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1420507", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1420507" + }, + { + "name": "102786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102786" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5473.json b/2018/5xxx/CVE-2018-5473.json index 1da736ad161..66bfdecdfb8 100644 --- a/2018/5xxx/CVE-2018-5473.json +++ b/2018/5xxx/CVE-2018-5473.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-5473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GE D60 Line Distance Relay", - "version" : { - "version_data" : [ - { - "version_value" : "GE D60 Line Distance Relay" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-5473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GE D60 Line Distance Relay", + "version": { + "version_data": [ + { + "version_value": "GE D60 Line Distance Relay" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02" - }, - { - "name" : "103054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Restriction of Operations within the Bounds of a Memory 
Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02" + }, + { + "name": "103054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103054" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5492.json b/2018/5xxx/CVE-2018-5492.json index ef3fd723da0..ec084329e71 100644 --- a/2018/5xxx/CVE-2018-5492.json +++ b/2018/5xxx/CVE-2018-5492.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@netapp.com", - "DATE_PUBLIC" : "2018-10-03T00:00:00", - "ID" : "CVE-2018-5492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "E-Series SANtricity OS Controller Software", - "version" : { - "version_data" : [ - { - "version_value" : "11.30.5" - } - ] - } - } - ] - }, - "vendor_name" : "NetApp" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@netapp.com", + "DATE_PUBLIC": "2018-10-03T00:00:00", + "ID": "CVE-2018-5492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "E-Series SANtricity OS Controller Software", + "version": { + "version_data": [ + { + "version_value": "11.30.5" + } + ] + } + } + ] + }, + "vendor_name": "NetApp" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.netapp.com/advisory/ntap-20181003-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181003-0001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20181003-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181003-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5678.json b/2018/5xxx/CVE-2018-5678.json index eb8a20e7d40..8130234008a 100644 --- a/2018/5xxx/CVE-2018-5678.json +++ b/2018/5xxx/CVE-2018-5678.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5676." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://srcincite.io/advisories/src-2018-0012/", - "refsource" : "MISC", - "url" : "https://srcincite.io/advisories/src-2018-0012/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - }, - { - "name" : "104300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process, a different vulnerability than CVE-2018-5674 and CVE-2018-5676." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://srcincite.io/advisories/src-2018-0012/", + "refsource": "MISC", + "url": "https://srcincite.io/advisories/src-2018-0012/" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "104300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104300" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5718.json b/2018/5xxx/CVE-2018-5718.json index fd4ef156c53..f5b43be0e35 100644 --- a/2018/5xxx/CVE-2018-5718.json +++ b/2018/5xxx/CVE-2018-5718.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into an user-mode process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.safensoft.com/security.phtml?c=865", - "refsource" : "CONFIRM", - "url" : "http://www.safensoft.com/security.phtml?c=865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of 
service (BSOD) or modify kernel-mode memory via loading of a forged DLL into an user-mode process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.safensoft.com/security.phtml?c=865", + "refsource": "CONFIRM", + "url": "http://www.safensoft.com/security.phtml?c=865" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5909.json b/2018/5xxx/CVE-2018-5909.json index f90c4e53bea..d5447b730f9 100644 --- a/2018/5xxx/CVE-2018-5909.json +++ b/2018/5xxx/CVE-2018-5909.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@qualcomm.com",
- "ID" : "CVE-2018-5909",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow occur may occur in display handlers due to lack of checking in buffer size before copying into it and will lead to memory corruption."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2018-5909",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=2c1716c5afd660651724b6088f2e6301272f4926",
- "refsource" : "CONFIRM",
- "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=2c1716c5afd660651724b6088f2e6301272f4926"
- },
- {
- "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
- "refsource" : "CONFIRM",
- "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": 
{
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow occur may occur in display handlers due to lack of checking in buffer size before copying into it and will lead to memory corruption."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=2c1716c5afd660651724b6088f2e6301272f4926",
+ "refsource": "CONFIRM",
+ "url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=2c1716c5afd660651724b6088f2e6301272f4926"
+ },
+ {
+ "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
+ "refsource": "CONFIRM",
+ "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5989.json b/2018/5xxx/CVE-2018-5989.json
index a33743e867b..170511ac7f8 100644
--- a/2018/5xxx/CVE-2018-5989.json
+++ b/2018/5xxx/CVE-2018-5989.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5989",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5989",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "44132",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://exploit-db.com/exploits/44132"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "44132",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://exploit-db.com/exploits/44132"
+ }
+ ]
+ }
+}
\ No newline at end of file