diff --git a/2001/0xxx/CVE-2001-0384.json b/2001/0xxx/CVE-2001-0384.json index 90620bcb9d4..fd54d2162da 100644 --- a/2001/0xxx/CVE-2001-0384.json +++ b/2001/0xxx/CVE-2001-0384.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010414 Re: Reliant Unix 5.43 / 5.44 ICMP port unreachable problem", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/176709" - }, - { - "name" : "2606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2606" + }, + { + "name": "20010414 Re: Reliant Unix 5.43 / 5.44 ICMP port unreachable problem", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/176709" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1042.json b/2001/1xxx/CVE-2001-1042.json index 6496fa6d830..0bccf34d3a0 100644 --- a/2001/1xxx/CVE-2001-1042.json +++ b/2001/1xxx/CVE-2001-1042.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010701 Broker 5.9.5.0 Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/194443" - }, - { - "name" : "2960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2960" - }, - { - "name" : "ftp-lnk-directory-traversal(6760)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010701 Broker 5.9.5.0 Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/194443" + }, + { + "name": "2960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2960" + }, + { + "name": "ftp-lnk-directory-traversal(6760)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6760" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1269.json b/2001/1xxx/CVE-2001-1269.json index 136285371c1..908e59f70cf 100644 --- a/2001/1xxx/CVE-2001-1269.json +++ b/2001/1xxx/CVE-2001-1269.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/196445" - }, - { - "name" : "http://www.info-zip.org/pub/infozip/UnZip.html", - "refsource" : "CONFIRM", - "url" : "http://www.info-zip.org/pub/infozip/UnZip.html" - }, - { - "name" : "47800", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1" - }, - { - "name" : "1000928", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47800", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1" + }, + { + "name": "20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/196445" + }, + { + "name": "1000928", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1" + }, + { + "name": "http://www.info-zip.org/pub/infozip/UnZip.html", + "refsource": "CONFIRM", + "url": "http://www.info-zip.org/pub/infozip/UnZip.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1319.json b/2001/1xxx/CVE-2001-1319.json index fb37e6f0d90..ab7ce6981c6 100644 --- a/2001/1xxx/CVE-2001-1319.json +++ b/2001/1xxx/CVE-2001-1319.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-2001-18", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-18.html" - }, - { - "name" : "VU#763400", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/763400" - }, - { - "name" : "L-116", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/CFCN-4YAQC7", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/CFCN-4YAQC7" - }, - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" - }, - { - "name" : "3045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3045" - }, - { - "name" : "exchange-ldap-protos-dos(6899)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2001-18", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-18.html" + }, + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" + }, + { + "name": "L-116", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml" + }, + { + "name": "http://www.kb.cert.org/vuls/id/CFCN-4YAQC7", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/CFCN-4YAQC7" + }, + { + "name": "exchange-ldap-protos-dos(6899)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6899" + }, + { + "name": "VU#763400", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/763400" + }, + { + "name": "3045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3045" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2105.json b/2006/2xxx/CVE-2006-2105.json index 0df75e86719..c88caee4b70 100644 --- a/2006/2xxx/CVE-2006-2105.json +++ b/2006/2xxx/CVE-2006-2105.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via \"..\" sequences terminated by a %00 (null) character in the n parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/jupitercms-lteq1.1.5-local-file-include.txt", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/jupitercms-lteq1.1.5-local-file-include.txt" - }, - { - "name" : "17716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via \"..\" sequences terminated by a %00 (null) character in the n parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17716" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/jupitercms-lteq1.1.5-local-file-include.txt", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/jupitercms-lteq1.1.5-local-file-include.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2547.json b/2006/2xxx/CVE-2006-2547.json index f6412b75c16..bc7d2df1c41 100644 --- a/2006/2xxx/CVE-2006-2547.json +++ b/2006/2xxx/CVE-2006-2547.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to \"insecure environment variable\" handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060519 CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAPsapdba Command", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434534/30/4890/threaded" - }, - { - "name" : "20060518 CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046130.html" - }, - { - "name" : "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf" - }, - { - "name" : "18028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18028" - }, - { - "name" : "ADV-2006-1861", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1861" - }, - { - "name" : "1016122", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016122" - }, - { - "name" : "20180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20180" - }, - { - "name" : "941", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/941" - }, - { - "name" : "sap-sapdba-privilege-escalation(26526)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to \"insecure environment variable\" handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1861", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1861" + }, + { + "name": "20180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20180" + }, + { + "name": "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf" + }, + { + "name": "sap-sapdba-privilege-escalation(26526)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26526" + }, + { + "name": "1016122", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016122" + }, + { + "name": "20060518 CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046130.html" + }, + { + "name": "20060519 CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAPsapdba Command", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434534/30/4890/threaded" + }, + { + "name": "941", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/941" + }, + { + "name": "18028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18028" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6856.json b/2006/6xxx/CVE-2006-6856.json index d823c901ed0..40343fcd13d 100644 --- a/2006/6xxx/CVE-2006-6856.json +++ b/2006/6xxx/CVE-2006-6856.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3036", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3036" - }, - { - "name" : "21809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21809" - }, - { - "name" : "ADV-2006-5203", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5203" - }, - { - "name" : "23574", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23574", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23574" + }, + { + "name": "21809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21809" + }, + { + "name": "ADV-2006-5203", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5203" + }, + { + "name": "3036", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3036" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6924.json b/2006/6xxx/CVE-2006-6924.json index afea073487e..774d0f15947 100644 --- a/2006/6xxx/CVE-2006-6924.json +++ b/2006/6xxx/CVE-2006-6924.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061106 bitweaver <=1.3.1 [injection sql (post) & xss (post)]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html" - }, - { - "name" : "20996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20996" - }, - { - "name" : "ADV-2006-4485", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4485" - }, - { - "name" : "22793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22793" - }, - { - "name" : "2144", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2144" - }, - { - "name" : "bitweaver-sortmode-sql-injection(30165)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4485", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4485" + }, + { + "name": "20996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20996" + }, + { + "name": "22793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22793" + }, + { + "name": "bitweaver-sortmode-sql-injection(30165)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30165" + }, + { + "name": "20061106 bitweaver <=1.3.1 [injection sql (post) & xss (post)]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html" + }, + { + "name": "2144", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2144" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2043.json b/2011/2xxx/CVE-2011-2043.json index b316aca8440..a5e3232a12d 100644 --- a/2011/2xxx/CVE-2011-2043.json +++ b/2011/2xxx/CVE-2011-2043.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2043", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2043", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2104.json b/2011/2xxx/CVE-2011-2104.json index a73df8b83e5..a5a495523d3 100644 --- a/2011/2xxx/CVE-2011-2104.json +++ b/2011/2xxx/CVE-2011-2104.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-16.html" - }, - { - "name" : "TA11-166A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" - }, - { - "name" : "48251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48251" - }, - { - "name" : "73066", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73066" - }, - { - "name" : "oval:org.mitre.oval:def:13863", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13863" - }, - { - "name" : "1025658", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025658" - }, - { - "name" : "adobe-reader-acorbat-dos(68018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adobe-reader-acorbat-dos(68018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68018" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" + }, + { + "name": "TA11-166A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" + }, + { + "name": "1025658", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025658" + }, + { + "name": "oval:org.mitre.oval:def:13863", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13863" + }, + { + "name": "48251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48251" + }, + { + "name": "73066", + "refsource": "OSVDB", + "url": "http://osvdb.org/73066" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2194.json b/2011/2xxx/CVE-2011-2194.json index 35a169565af..94669b59801 100644 --- a/2011/2xxx/CVE-2011-2194.json +++ b/2011/2xxx/CVE-2011-2194.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.videolan.org/security/sa1104.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/security/sa1104.html" - }, - { - "name" : "DSA-2257", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2257" - }, - { - "name" : "48171", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48171" - }, - { - "name" : "oval:org.mitre.oval:def:14774", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774" - }, - { - "name" : "44892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2257", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2257" + }, + { + "name": "oval:org.mitre.oval:def:14774", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774" + }, + { + "name": "44892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44892" + }, + { + "name": "48171", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48171" + }, + { + "name": "http://www.videolan.org/security/sa1104.html", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/security/sa1104.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3188.json b/2011/3xxx/CVE-2011-3188.json index 69e9e2acbba..83f66ec446a 100644 --- a/2011/3xxx/CVE-2011-3188.json +++ b/2011/3xxx/CVE-2011-3188.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110823 Re: CVE request: kernel: change in how tcp seq numbers are generated", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/23/2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc0b96b54a21246e377122d54569eef71cec535f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc0b96b54a21246e377122d54569eef71cec535f" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=732658", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=732658" - }, - { - "name" : "https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec" - }, - { - "name" : "https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f" - }, - { - "name" : "HPSBGN02970", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f" + }, + { + "name": "[oss-security] 20110823 Re: CVE request: kernel: change in how tcp seq numbers are generated", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/23/2" + }, + { + "name": "https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=732658", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732658" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" + }, + { + "name": "HPSBGN02970", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc0b96b54a21246e377122d54569eef71cec535f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc0b96b54a21246e377122d54569eef71cec535f" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3362.json b/2011/3xxx/CVE-2011-3362.json index 8b132f385d2..c39413100d4 100644 --- a/2011/3xxx/CVE-2011-3362.json +++ b/2011/3xxx/CVE-2011-3362.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110913 CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/13/4" - }, - { - "name" : "[oss-security] 20110914 Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/14/8" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2011-002.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2011-002.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=91d5da9321c52e8197fb14046ebb335f3e6ff4a0", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=91d5da9321c52e8197fb14046ebb335f3e6ff4a0" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c5cbda50793e311aa73489d12184ffd6761c9fbf", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c5cbda50793e311aa73489d12184ffd6761c9fbf" - }, - { - "name" : "http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog" - }, - { - "name" : "http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog" - }, - { - "name" : "45532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45532" + }, + { + "name": "[oss-security] 20110913 CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/13/4" + }, + { + "name": "http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog" + }, + { + "name": "http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=91d5da9321c52e8197fb14046ebb335f3e6ff4a0", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=91d5da9321c52e8197fb14046ebb335f3e6ff4a0" + }, + { + "name": "[oss-security] 20110914 Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/14/8" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2011-002.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2011-002.html" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c5cbda50793e311aa73489d12184ffd6761c9fbf", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c5cbda50793e311aa73489d12184ffd6761c9fbf" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3795.json b/2011/3xxx/CVE-2011-3795.json index 22e106e62c3..4aae05354a2 100644 --- a/2011/3xxx/CVE-2011-3795.json +++ b/2011/3xxx/CVE-2011-3795.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/themes.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/podcastgen1.3", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/podcastgen1.3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/themes.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/podcastgen1.3", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/podcastgen1.3" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3857.json b/2011/3xxx/CVE-2011-3857.json index c2a431d96fd..3cc78bbd437 100644 --- a/2011/3xxx/CVE-2011-3857.json +++ b/2011/3xxx/CVE-2011-3857.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sitewat.ch/en/Advisories/15", - "refsource" : "MISC", - "url" : "https://sitewat.ch/en/Advisories/15" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sitewat.ch/en/Advisories/15", + "refsource": "MISC", + "url": "https://sitewat.ch/en/Advisories/15" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4015.json b/2011/4xxx/CVE-2011-4015.json index 7b399ecd741..6ee638b510d 100644 --- a/2011/4xxx/CVE-2011-4015.json +++ b/2011/4xxx/CVE-2011-4015.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-4015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html" - }, - { - "name" : "1027005", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html" + }, + { + "name": "1027005", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027005" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4096.json b/2011/4xxx/CVE-2011-4096.json index eeaa75b3298..9aaab776ed6 100644 --- a/2011/4xxx/CVE-2011-4096.json +++ b/2011/4xxx/CVE-2011-4096.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111031 CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/10/31/5" - }, - { - "name" : "[oss-security] 20111031 Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/01/3" - }, - { - "name" : "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12", - "refsource" : "MISC", - "url" : "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12" - }, - { - "name" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html" - }, - { - "name" : "MDVSA-2011:193", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:193" - }, - { - "name" : "RHSA-2011:1791", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1791.html" - }, - { - "name" : "SUSE-SU-2016:1996", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html" - }, - { - "name" : "SUSE-SU-2016:2089", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html" - }, - { - "name" : "1026265", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026265" - }, - { - "name" : "46609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46609" - }, - { - "name" : "47459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12", + "refsource": "MISC", + "url": "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12" + }, + { + "name": "RHSA-2011:1791", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1791.html" + }, + { + "name": "SUSE-SU-2016:1996", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html" + }, + { + "name": "[oss-security] 20111031 CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/10/31/5" + }, + { + "name": "1026265", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026265" + }, + { + "name": "[oss-security] 20111031 Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/01/3" + }, + { + "name": "MDVSA-2011:193", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:193" + }, + { + "name": "46609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46609" + }, + { + "name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html" + }, + { + "name": "SUSE-SU-2016:2089", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html" + }, + { + "name": "47459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47459" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4643.json b/2011/4xxx/CVE-2011-4643.json index fe114acb317..b2f5407941d 100644 --- a/2011/4xxx/CVE-2011-4643.json +++ b/2011/4xxx/CVE-2011-4643.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18245", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18245/" - }, - { - "name" : "http://www.sec-1.com/blog/?p=233", - "refsource" : "MISC", - "url" : "http://www.sec-1.com/blog/?p=233" - }, - { - "name" : "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf", - "refsource" : "MISC", - "url" : "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf" - }, - { - "name" : "http://www.splunk.com/view/SP-CAAAGMM", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAGMM" - }, - { - "name" : "1026451", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026451" - }, - { - "name" : "47232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47232" - }, - { - "name" : "splunk-splunkd-directory-traversal(72244)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.splunk.com/view/SP-CAAAGMM", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAGMM" + }, + { + "name": "1026451", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026451" + }, + { + "name": "splunk-splunkd-directory-traversal(72244)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72244" + }, + { + "name": "http://www.sec-1.com/blog/?p=233", + "refsource": "MISC", + "url": "http://www.sec-1.com/blog/?p=233" + }, + { + "name": "47232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47232" + }, + { + "name": "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf", + "refsource": "MISC", + "url": "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf" + }, + { + "name": "18245", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18245/" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4876.json b/2011/4xxx/CVE-2011-4876.json index 26cb6571336..18431f36bab 100644 --- a/2011/4xxx/CVE-2011-4876.json +++ b/2011/4xxx/CVE-2011-4876.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18166", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18166" - }, - { - "name" : "http://aluigi.org/adv/winccflex_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/winccflex_1-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf" - }, - { - "name" : "77381", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77381" - }, - { - "name" : "46997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46997" - }, - { - "name" : "simatic-hmiload-dir-traversal(71450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46997" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf" + }, + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf" + }, + { + "name": "18166", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18166" + }, + { + "name": "http://aluigi.org/adv/winccflex_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/winccflex_1-adv.txt" + }, + { + "name": "simatic-hmiload-dir-traversal(71450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71450" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf" + }, + { + "name": "77381", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77381" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0078.json b/2013/0xxx/CVE-2013-0078.json index 366003c20e8..e238d9a75cc 100644 --- a/2013/0xxx/CVE-2013-0078.json +++ b/2013/0xxx/CVE-2013-0078.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka \"Microsoft Antimalware Improper Pathname Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-034" - }, - { - "name" : "TA13-100A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-100A" - }, - { - "name" : "oval:org.mitre.oval:def:16293", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka \"Microsoft Antimalware Improper Pathname Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-034" + }, + { + "name": "TA13-100A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-100A" + }, + { + "name": "oval:org.mitre.oval:def:16293", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16293" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0293.json b/2013/0xxx/CVE-2013-0293.json index adf680ea6a4..7ca867d6fbd 100644 --- a/2013/0xxx/CVE-2013-0293.json +++ b/2013/0xxx/CVE-2013-0293.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0293", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0293", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0484.json b/2013/0xxx/CVE-2013-0484.json index 87c7ca261df..82bf4f83521 100644 --- a/2013/0xxx/CVE-2013-0484.json +++ b/2013/0xxx/CVE-2013-0484.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21637655", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21637655" - }, - { - "name" : "tm1-undocumented-api(81612)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tm1-undocumented-api(81612)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81612" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21637655", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637655" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0861.json b/2013/0xxx/CVE-2013-0861.json index bf962d6be02..d07962e77f6 100644 --- a/2013/0xxx/CVE-2013-0861.json +++ b/2013/0xxx/CVE-2013-0861.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=43c6b45a53a186a187f7266e4d6bd3c2620519f1", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=43c6b45a53a186a187f7266e4d6bd3c2620519f1" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4cd1dad91ae97fe1f0dd534c3f5566787566f137", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4cd1dad91ae97fe1f0dd534c3f5566787566f137" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=43c6b45a53a186a187f7266e4d6bd3c2620519f1", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=43c6b45a53a186a187f7266e4d6bd3c2620519f1" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4cd1dad91ae97fe1f0dd534c3f5566787566f137", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4cd1dad91ae97fe1f0dd534c3f5566787566f137" + }, + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1437.json b/2013/1xxx/CVE-2013-1437.json index 3d5f5019140..0eaeacded43 100644 --- a/2013/1xxx/CVE-2013-1437.json +++ b/2013/1xxx/CVE-2013-1437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1437", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1437", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1511.json b/2013/1xxx/CVE-2013-1511.json index 30a0c67b96f..1454f0bafa4 100644 --- a/2013/1xxx/CVE-2013-1511.json +++ b/2013/1xxx/CVE-2013-1511.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1608.json b/2013/1xxx/CVE-2013-1608.json index e3180de8841..5c458ef1805 100644 --- a/2013/1xxx/CVE-2013-1608.json +++ b/2013/1xxx/CVE-2013-1608.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-1608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130320_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130320_00" - }, - { - "name" : "58542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58542" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130320_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130320_00" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1885.json b/2013/1xxx/CVE-2013-1885.json index 1c34f8bd98f..85317138a0b 100644 --- a/2013/1xxx/CVE-2013-1885.json +++ b/2013/1xxx/CVE-2013-1885.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) tus/ or (2) tus/tus/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=923039", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=923039" - }, - { - "name" : "RHSA-2013:0856", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0856.html" - }, - { - "name" : "93626", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/93626" - }, - { - "name" : "93627", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/93627" - }, - { - "name" : "1029685", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029685" - }, - { - "name" : "rhcs-cve20131885-xss(84477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) tus/ or (2) tus/tus/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0856", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0856.html" + }, + { + "name": "1029685", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029685" + }, + { + "name": "93627", + "refsource": "OSVDB", + "url": "http://osvdb.org/93627" + }, + { + "name": "rhcs-cve20131885-xss(84477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84477" + }, + { + "name": "93626", + "refsource": "OSVDB", + "url": "http://osvdb.org/93626" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=923039", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=923039" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1890.json b/2013/1xxx/CVE-2013-1890.json index 1fa0a77aad1..bade876b113 100644 --- a/2013/1xxx/CVE-2013-1890.json +++ b/2013/1xxx/CVE-2013-1890.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-011", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-011" - }, - { - "name" : "58852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58852" - }, - { - "name" : "owncloud-cve20131890-multiple-xss(83245)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "owncloud-cve20131890-multiple-xss(83245)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83245" + }, + { + "name": "58852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58852" + }, + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2013-011", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-011" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1892.json b/2013/1xxx/CVE-2013-1892.json index ab01221f917..6908b1b08d7 100644 --- a/2013/1xxx/CVE-2013-1892.json +++ b/2013/1xxx/CVE-2013-1892.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24935", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24935" - }, - { - "name" : "24947", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24947" - }, - { - "name" : "[oss-security] 20130325 Re: CVE Request: Mongo DB", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/25/9" - }, - { - "name" : "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/", - "refsource" : "MISC", - "url" : "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/" - }, - { - "name" : "http://www.mongodb.org/about/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.mongodb.org/about/alerts/" - }, - { - "name" : "https://jira.mongodb.org/browse/SERVER-9124", - "refsource" : "CONFIRM", - "url" : "https://jira.mongodb.org/browse/SERVER-9124" - }, - { - "name" : "FEDORA-2013-4531", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html" - }, - { - "name" : "FEDORA-2013-4539", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html" - }, - { - "name" : "RHSA-2013:1170", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1170.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1170", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1170.html" + }, + { + "name": "24947", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24947" + }, + { + "name": "[oss-security] 20130325 Re: CVE Request: Mongo DB", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/25/9" + }, + { + "name": "FEDORA-2013-4539", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html" + }, + { + "name": "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/", + "refsource": "MISC", + "url": "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/" + }, + { + "name": "24935", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24935" + }, + { + "name": "https://jira.mongodb.org/browse/SERVER-9124", + "refsource": "CONFIRM", + "url": "https://jira.mongodb.org/browse/SERVER-9124" + }, + { + "name": "http://www.mongodb.org/about/alerts/", + "refsource": "CONFIRM", + "url": "http://www.mongodb.org/about/alerts/" + }, + { + "name": "FEDORA-2013-4531", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5046.json b/2013/5xxx/CVE-2013-5046.json index 0ccc7ecc53d..9e62d610d59 100644 --- a/2013/5xxx/CVE-2013-5046.json +++ b/2013/5xxx/CVE-2013-5046.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-5046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-097", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-097", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5310.json b/2013/5xxx/CVE-2013-5310.json index 452a42e5415..7a18a7ff411 100644 --- a/2013/5xxx/CVE-2013-5310.json +++ b/2013/5xxx/CVE-2013-5310.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013" - }, - { - "name" : "http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/wfqbe", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/wfqbe" - }, - { - "name" : "61653", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61653" - }, - { - "name" : "95957", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95957" - }, - { - "name" : "typo3-dbintegration-unspec-sql-injection(86238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95957", + "refsource": "OSVDB", + "url": "http://osvdb.org/95957" + }, + { + "name": "http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extension-manuals/wfqbe/2.0.1/view/1/5/" + }, + { + "name": "typo3-dbintegration-unspec-sql-injection(86238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86238" + }, + { + "name": "http://typo3.org/extensions/repository/view/wfqbe", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/wfqbe" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-013" + }, + { + "name": "61653", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61653" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5868.json b/2013/5xxx/CVE-2013-5868.json index 27774e01068..55c47fd8280 100644 --- a/2013/5xxx/CVE-2013-5868.json +++ b/2013/5xxx/CVE-2013-5868.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5871 and CVE-2014-0444." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64879" - }, - { - "name" : "102088", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102088" - }, - { - "name" : "1029620", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029620" - }, - { - "name" : "56473", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5871 and CVE-2014-0444." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029620", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029620" + }, + { + "name": "102088", + "refsource": "OSVDB", + "url": "http://osvdb.org/102088" + }, + { + "name": "64879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64879" + }, + { + "name": "56473", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56473" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2001.json b/2014/2xxx/CVE-2014-2001.json index 3678b01ac7e..c50c8a21c9e 100644 --- a/2014/2xxx/CVE-2014-2001.json +++ b/2014/2xxx/CVE-2014-2001.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-2001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://play.google.com/store/apps/details?id=jp.co.jreast", - "refsource" : "CONFIRM", - "url" : "https://play.google.com/store/apps/details?id=jp.co.jreast" - }, - { - "name" : "JVN#10603428", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN10603428/index.html" - }, - { - "name" : "JVNDB-2014-000050", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000050", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000050" + }, + { + "name": "https://play.google.com/store/apps/details?id=jp.co.jreast", + "refsource": "CONFIRM", + "url": "https://play.google.com/store/apps/details?id=jp.co.jreast" + }, + { + "name": "JVN#10603428", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN10603428/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2315.json b/2014/2xxx/CVE-2014-2315.json index 9f3a1e2f368..c8c02b83aca 100644 --- a/2014/2xxx/CVE-2014-2315.json +++ b/2014/2xxx/CVE-2014-2315.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/125397", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125397" - }, - { - "name" : "65805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65805" - }, - { - "name" : "thanks-you-wordpress-xss(91474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "thanks-you-wordpress-xss(91474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91474" + }, + { + "name": "65805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65805" + }, + { + "name": "http://packetstormsecurity.com/files/125397", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125397" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0316.json b/2017/0xxx/CVE-2017-0316.json index df98a4523ef..e4ae5fc3b8a 100644 --- a/2017/0xxx/CVE-2017-0316.json +++ b/2017/0xxx/CVE-2017-0316.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2017-10-16T00:00:00", - "ID" : "CVE-2017-0316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GeForce Experience", - "version" : { - "version_data" : [ - { - "version_value" : "3.x" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2017-10-16T00:00:00", + "ID": "CVE-2017-0316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GeForce Experience", + "version": { + "version_data": [ + { + "version_value": "3.x" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0367.json b/2017/0xxx/CVE-2017-0367.json index b85c6b0099e..b731119595a 100644 --- a/2017/0xxx/CVE-2017-0367.json +++ b/2017/0xxx/CVE-2017-0367.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "DATE_PUBLIC" : "2017-04-06T20:49:00.000Z", - "ID" : "CVE-2017-0367", - "STATE" : "PUBLIC", - "TITLE" : "Having LocalisationCache directory default to system tmp directory is insecure" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mediawiki", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "mediawiki" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "usafe use of system tmp directory." - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "DATE_PUBLIC": "2017-04-06T20:49:00.000Z", + "ID": "CVE-2017-0367", + "STATE": "PUBLIC", + "TITLE": "Having LocalisationCache directory default to system tmp directory is insecure" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mediawiki", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "mediawiki" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" - }, - { - "name" : "https://phabricator.wikimedia.org/T161453", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T161453" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0367", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0367" - } - ] - }, - "source" : { - "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "usafe use of system tmp directory." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + }, + { + "name": "https://phabricator.wikimedia.org/T161453", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T161453" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2017-0367", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2017-0367" + } + ] + }, + "source": { + "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0435.json b/2017/0xxx/CVE-2017-0435.json index d3e62229d96..02d8f6513cb 100644 --- a/2017/0xxx/CVE-2017-0435.json +++ b/2017/0xxx/CVE-2017-0435.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96053" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "96053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96053" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000182.json b/2017/1000xxx/CVE-2017-1000182.json index aec5959b0ea..cba4a30d09b 100644 --- a/2017/1000xxx/CVE-2017-1000182.json +++ b/2017/1000xxx/CVE-2017-1000182.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.402716", - "ID" : "CVE-2017-1000182", - "REQUESTER" : "vuln_reporter@srcms.xyz", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "swftools", - "version" : { - "version_data" : [ - { - "version_value" : "latest" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SWFTools, a memory leak was found in wav2swf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-401: Improper Release of Memory Before Removing Last Reference ('Memory Leak')" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.402716", + "ID": "CVE-2017-1000182", + "REQUESTER": "vuln_reporter@srcms.xyz", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/matthiaskramm/swftools/issues/30", - "refsource" : "MISC", - "url" : "https://github.com/matthiaskramm/swftools/issues/30" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SWFTools, a memory leak was found in wav2swf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/matthiaskramm/swftools/issues/30", + "refsource": "MISC", + "url": "https://github.com/matthiaskramm/swftools/issues/30" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000409.json b/2017/1000xxx/CVE-2017-1000409.json index b09db35fbef..d4bd1e1003b 100644 --- a/2017/1000xxx/CVE-2017-1000409.json +++ b/2017/1000xxx/CVE-2017-1000409.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-05", - "ID" : "CVE-2017-1000409", - "REQUESTER" : "qsa@qualys.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "glibc", - "version" : { - "version_data" : [ - { - "version_value" : "glibc with commit 950398e1320255572f4228db94344dcd5f613455 and later" - } - ] - } - } - ] - }, - "vendor_name" : "glibc" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-05", + "ID": "CVE-2017-1000409", + "REQUESTER": "qsa@qualys.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43331", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43331/" - }, - { - "name" : "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2017/q4/385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43331", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43331/" + }, + { + "name": "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2017/q4/385" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12444.json b/2017/12xxx/CVE-2017-12444.json index bf70b07afb3..9a55597eaa9 100644 --- a/2017/12xxx/CVE-2017-12444.json +++ b/2017/12xxx/CVE-2017-12444.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170808 minidjvu multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Aug/15" - }, - { - "name" : "100416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100416" + }, + { + "name": "20170808 minidjvu multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Aug/15" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12453.json b/2017/12xxx/CVE-2017-12453.json index 670f800e02c..c3f796832bb 100644 --- a/2017/12xxx/CVE-2017-12453.json +++ b/2017/12xxx/CVE-2017-12453.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21813", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21813", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12479.json b/2017/12xxx/CVE-2017-12479.json index 06d1c569078..59b31e84f70 100644 --- a/2017/12xxx/CVE-2017-12479.json +++ b/2017/12xxx/CVE-2017-12479.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.unitrends.com/UnitrendsBackup/s/article/000005757", - "refsource" : "CONFIRM", - "url" : "https://support.unitrends.com/UnitrendsBackup/s/article/000005757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.unitrends.com/UnitrendsBackup/s/article/000005757", + "refsource": "CONFIRM", + "url": "https://support.unitrends.com/UnitrendsBackup/s/article/000005757" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16174.json b/2017/16xxx/CVE-2017-16174.json index 4e9005dff53..9ac20f3b6ed 100644 --- a/2017/16xxx/CVE-2017-16174.json +++ b/2017/16xxx/CVE-2017-16174.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "whispercast node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "whispercast node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/whispercast", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/whispercast" - }, - { - "name" : "https://nodesecurity.io/advisories/466", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/466", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/466" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/whispercast", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/whispercast" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16290.json b/2017/16xxx/CVE-2017-16290.json index 72b72d15877..6f1c559c2c2 100644 --- a/2017/16xxx/CVE-2017-16290.json +++ b/2017/16xxx/CVE-2017-16290.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16290", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16290", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16342.json b/2017/16xxx/CVE-2017-16342.json index 02cafffa8b1..0511d2cddf7 100644 --- a/2017/16xxx/CVE-2017-16342.json +++ b/2017/16xxx/CVE-2017-16342.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-16342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Insteon", - "version" : { - "version_data" : [ - { - "version_value" : "Insteon Hub 2245-222 - Firmware version 1012" - } - ] - } - } - ] - }, - "vendor_name" : "Insteon" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-16342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Insteon", + "version": { + "version_data": [ + { + "version_value": "Insteon Hub 2245-222 - Firmware version 1012" + } + ] + } + } + ] + }, + "vendor_name": "Insteon" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0484", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0484", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0484" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4259.json b/2017/4xxx/CVE-2017-4259.json index b80c25d21cb..410b5ac6b17 100644 --- a/2017/4xxx/CVE-2017-4259.json +++ b/2017/4xxx/CVE-2017-4259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4259", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4259", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4529.json b/2017/4xxx/CVE-2017-4529.json index a0735bce043..16e671d2ce0 100644 --- a/2017/4xxx/CVE-2017-4529.json +++ b/2017/4xxx/CVE-2017-4529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4529", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4529", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4535.json b/2017/4xxx/CVE-2017-4535.json index 149d13e7c49..239de9ce6bf 100644 --- a/2017/4xxx/CVE-2017-4535.json +++ b/2017/4xxx/CVE-2017-4535.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4535", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4535", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4951.json b/2017/4xxx/CVE-2017-4951.json index 7530cdf4db4..9ca05fc4a14 100644 --- a/2017/4xxx/CVE-2017-4951.json +++ b/2017/4xxx/CVE-2017-4951.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2018-01-26T00:00:00", - "ID" : "CVE-2017-4951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AirWatch Console", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.x before 9.2.2" - }, - { - "version_value" : "9.1.x before 9.1.5" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Request Forgery" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2018-01-26T00:00:00", + "ID": "CVE-2017-4951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AirWatch Console", + "version": { + "version_data": [ + { + "version_value": "9.2.x before 9.2.2" + }, + { + "version_value": "9.1.x before 9.1.5" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2018-0006.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2018-0006.html" - }, - { - "name" : "102849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102849" - }, - { - "name" : "1040288", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html" + }, + { + "name": "1040288", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040288" + }, + { + "name": "102849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102849" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4986.json b/2017/4xxx/CVE-2017-4986.json index 85c35277c2d..499a7a13e7d 100644 --- a/2017/4xxx/CVE-2017-4986.json +++ b/2017/4xxx/CVE-2017-4986.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier", - "version" : { - "version_data" : [ - { - "version_value" : "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier", + "version": { + "version_data": [ + { + "version_value": "EMC ESRS Virtual Edition EMC ESRS VE 3.18 or earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540721/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540721/30/0/threaded" - }, - { - "name" : "99036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99036" - }, - { - "name" : "1038696", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038696", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038696" + }, + { + "name": "http://www.securityfocus.com/archive/1/540721/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540721/30/0/threaded" + }, + { + "name": "99036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99036" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5185.json b/2018/5xxx/CVE-2018-5185.json index 012d5f055ab..06553f4bacb 100644 --- a/2018/5xxx/CVE-2018-5185.json +++ b/2018/5xxx/CVE-2018-5185.json @@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.8" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.8" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Leaking plaintext through HTML forms" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.8" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.8" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180525 [SECURITY] [DLA 1382-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1450345", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1450345" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-13/" - }, - { - "name" : "DSA-4209", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4209" - }, - { - "name" : "GLSA-201811-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-13" - }, - { - "name" : "RHSA-2018:1725", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1725" - }, - { - "name" : "RHSA-2018:1726", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1726" - }, - { - "name" : "USN-3660-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3660-1/" - }, - { - "name" : "104240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104240" - }, - { - "name" : "1040946", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Leaking plaintext through HTML forms" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:1726", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1726" + }, + { + "name": "GLSA-201811-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-13" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-13/" + }, + { + "name": "USN-3660-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3660-1/" + }, + { + "name": "1040946", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040946" + }, + { + "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1382-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html" + }, + { + "name": "RHSA-2018:1725", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1725" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1450345", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1450345" + }, + { + "name": "DSA-4209", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4209" + }, + { + "name": "104240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104240" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5766.json b/2018/5xxx/CVE-2018-5766.json index f2bda8ff790..35e7d0dd061 100644 --- a/2018/5xxx/CVE-2018-5766.json +++ b/2018/5xxx/CVE-2018-5766.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1112", - "refsource" : "MISC", - "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1112" - }, - { - "name" : "102793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.libav.org/show_bug.cgi?id=1112", + "refsource": "MISC", + "url": "https://bugzilla.libav.org/show_bug.cgi?id=1112" + }, + { + "name": "102793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102793" + } + ] + } +} \ No newline at end of file