diff --git a/2001/0xxx/CVE-2001-0508.json b/2001/0xxx/CVE-2001-0508.json index a3f2ced5414..44d9edf5dfa 100644 --- a/2001/0xxx/CVE-2001-0508.json +++ b/2001/0xxx/CVE-2001-0508.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010506 IIS 5.0 PROPFIND DOS #2", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/182579" - }, - { - "name" : "MS01-044", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044" - }, - { - "name" : "iis-webdav-long-request-dos(6982)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6982.php" - }, - { - "name" : "2690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2690" - }, - { - "name" : "5606", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5606" - }, - { - "name" : "5633", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010506 IIS 5.0 PROPFIND DOS #2", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/182579" + }, + { + "name": "iis-webdav-long-request-dos(6982)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6982.php" + }, + { + "name": "5606", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5606" + }, + { + "name": "2690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2690" + }, + { + "name": "5633", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5633" + }, + { + "name": "MS01-044", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0704.json b/2001/0xxx/CVE-2001-0704.json index 8e41f55ddf1..3760f0caf30 100644 --- a/2001/0xxx/CVE-2001-0704.json +++ b/2001/0xxx/CVE-2001-0704.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010621 NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/192651" - }, - { - "name" : "arcadia-tradecli-reveal-path(6738)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6738" - }, - { - "name" : "2904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2904" + }, + { + "name": "arcadia-tradecli-reveal-path(6738)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6738" + }, + { + "name": "20010621 NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/192651" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0783.json b/2001/0xxx/CVE-2001-0783.json index a486c853b61..90b8b374933 100644 --- a/2001/0xxx/CVE-2001-0783.json +++ b/2001/0xxx/CVE-2001-0783.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a ..(dot dot) attack in the GET command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010618 Cisco TFTPD 1.1 Vulerablity", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0227.html" - }, - { - "name" : "http://www.sentry-labs.com/files/cisco0201061701.txt", - "refsource" : "MISC", - "url" : "http://www.sentry-labs.com/files/cisco0201061701.txt" - }, - { - "name" : "2886", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2886" - }, - { - "name" : "cisco-tftp-directory-traversal(6722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a ..(dot dot) attack in the GET command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sentry-labs.com/files/cisco0201061701.txt", + "refsource": "MISC", + "url": "http://www.sentry-labs.com/files/cisco0201061701.txt" + }, + { + "name": "2886", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2886" + }, + { + "name": "20010618 Cisco TFTPD 1.1 Vulerablity", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0227.html" + }, + { + "name": "cisco-tftp-directory-traversal(6722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6722" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1134.json b/2001/1xxx/CVE-2001-1134.json index 96532c1553e..06f2828772b 100644 --- a/2001/1xxx/CVE-2001-1134.json +++ b/2001/1xxx/CVE-2001-1134.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010720 Re: Two birds with one worm", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/198381" - }, - { - "name" : "20010809 Xerox N40 printers and Code Red worm", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/203025" - }, - { - "name" : "xerox-docuprint-dos(6976)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6976.php" - }, - { - "name" : "3170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010809 Xerox N40 printers and Code Red worm", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/203025" + }, + { + "name": "3170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3170" + }, + { + "name": "20010720 Re: Two birds with one worm", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/198381" + }, + { + "name": "xerox-docuprint-dos(6976)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6976.php" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1347.json b/2001/1xxx/CVE-2001-1347.json index 0525ec08375..a9a8b50c381 100644 --- a/2001/1xxx/CVE-2001-1347.json +++ b/2001/1xxx/CVE-2001-1347.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010524 Elevation of privileges with debug registers on Win2K", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html" - }, - { - "name" : "win2k-debug-elevate-privileges(6590)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6590.php" - }, - { - "name" : "2764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win2k-debug-elevate-privileges(6590)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6590.php" + }, + { + "name": "2764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2764" + }, + { + "name": "20010524 Elevation of privileges with debug registers on Win2K", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1443.json b/2001/1xxx/CVE-2001-1443.json index 4f80e78f0a7..f1fe4cbf43b 100644 --- a/2001/1xxx/CVE-2001-1443.json +++ b/2001/1xxx/CVE-2001-1443.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://josefsson.org/ktelnet/kerberos-telnet.html", - "refsource" : "MISC", - "url" : "http://josefsson.org/ktelnet/kerberos-telnet.html" - }, - { - "name" : "VU#390280", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/390280" - }, - { - "name" : "kth-kerberos-unencrypted-connection(10640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://josefsson.org/ktelnet/kerberos-telnet.html", + "refsource": "MISC", + "url": "http://josefsson.org/ktelnet/kerberos-telnet.html" + }, + { + "name": "kth-kerberos-unencrypted-connection(10640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10640" + }, + { + "name": "VU#390280", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/390280" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2254.json b/2006/2xxx/CVE-2006-2254.json index b662d9523fa..ea443f3906b 100644 --- a/2006/2xxx/CVE-2006-2254.json +++ b/2006/2xxx/CVE-2006-2254.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html", - "refsource" : "MISC", - "url" : "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html" - }, - { - "name" : "17881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17881" - }, - { - "name" : "ADV-2006-1679", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1679" - }, - { - "name" : "25436", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25436" - }, - { - "name" : "20033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20033" - }, - { - "name" : "filecopa-user-dos(26300)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25436", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25436" + }, + { + "name": "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html", + "refsource": "MISC", + "url": "http://blacksecurity.org/exploits/38/FILECOPA_V1.01_and_Below_Pre_Authentication_Remote_Overflow/111.html" + }, + { + "name": "ADV-2006-1679", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1679" + }, + { + "name": "filecopa-user-dos(26300)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26300" + }, + { + "name": "17881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17881" + }, + { + "name": "20033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20033" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2851.json b/2006/2xxx/CVE-2006-2851.json index 057ec97196c..9137b36db5d 100644 --- a/2006/2xxx/CVE-2006-2851.json +++ b/2006/2xxx/CVE-2006-2851.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=422371", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=422371" - }, - { - "name" : "JVN#97636431", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2397636431/index.html" - }, - { - "name" : "18275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18275" - }, - { - "name" : "ADV-2006-2124", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2124" - }, - { - "name" : "20418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20418" - }, - { - "name" : "dotproject-xss(26904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18275" + }, + { + "name": "dotproject-xss(26904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26904" + }, + { + "name": "JVN#97636431", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2397636431/index.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=422371", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=422371" + }, + { + "name": "20418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20418" + }, + { + "name": "ADV-2006-2124", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2124" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6084.json b/2006/6xxx/CVE-2006-6084.json index f2853352689..90123bdd33a 100644 --- a/2006/6xxx/CVE-2006-6084.json +++ b/2006/6xxx/CVE-2006-6084.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061121 aBitWhizzy [local file include]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452235/100/0/threaded" - }, - { - "name" : "20061204 Re: aBitWhizzy [local file include]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453478/100/0/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=52", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=52" - }, - { - "name" : "http://www.unverse.net/abitwhizzy-forum/0611251408/", - "refsource" : "CONFIRM", - "url" : "http://www.unverse.net/abitwhizzy-forum/0611251408/" - }, - { - "name" : "21222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21222" - }, - { - "name" : "ADV-2006-4657", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4657" - }, - { - "name" : "1017266", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017266" - }, - { - "name" : "23055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23055" - }, - { - "name" : "abitwhizzy-abitwhizzy-file-include(30458)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.unverse.net/abitwhizzy-forum/0611251408/", + "refsource": "CONFIRM", + "url": "http://www.unverse.net/abitwhizzy-forum/0611251408/" + }, + { + "name": "20061121 aBitWhizzy [local file include]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452235/100/0/threaded" + }, + { + "name": "ADV-2006-4657", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4657" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=52", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=52" + }, + { + "name": "23055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23055" + }, + { + "name": "21222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21222" + }, + { + "name": "1017266", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017266" + }, + { + "name": "20061204 Re: aBitWhizzy [local file include]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453478/100/0/threaded" + }, + { + "name": "abitwhizzy-abitwhizzy-file-include(30458)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30458" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6185.json b/2006/6xxx/CVE-2006-6185.json index 4dbb1557b6c..64a6df43378 100644 --- a/2006/6xxx/CVE-2006-6185.json +++ b/2006/6xxx/CVE-2006-6185.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061119 Wabbit PHP Gallery => 0.9 Remote Traversal Directory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452170/100/100/threaded" - }, - { - "name" : "20061130 Wabbit directory traversal - uncertain impact; enomphp uncertainty", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-November/001152.html" - }, - { - "name" : "21213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21213" - }, - { - "name" : "ADV-2006-4640", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4640" - }, - { - "name" : "22994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22994" - }, - { - "name" : "1939", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1939" - }, - { - "name" : "wabbitphpgallery-index-directory-traversal(30429)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22994" + }, + { + "name": "20061130 Wabbit directory traversal - uncertain impact; enomphp uncertainty", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-November/001152.html" + }, + { + "name": "20061119 Wabbit PHP Gallery => 0.9 Remote Traversal Directory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452170/100/100/threaded" + }, + { + "name": "wabbitphpgallery-index-directory-traversal(30429)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30429" + }, + { + "name": "21213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21213" + }, + { + "name": "1939", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1939" + }, + { + "name": "ADV-2006-4640", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4640" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6235.json b/2006/6xxx/CVE-2006-6235.json index 6e72428a640..f12f07688be 100644 --- a/2006/6xxx/CVE-2006-6235.json +++ b/2006/6xxx/CVE-2006-6235.json @@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453664/100/0/threaded" - }, - { - "name" : "20061206 rPSA-2006-0227-1 gnupg", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453723/100/0/threaded" - }, - { - "name" : "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]", - "refsource" : "MLIST", - "url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-835", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-835" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm" - }, - { - "name" : "DSA-1231", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1231" - }, - { - "name" : "GLSA-200612-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-03.xml" - }, - { - "name" : "MDKSA-2006:228", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228" - }, - { - "name" : "OpenPKG-SA-2006.037", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html" - }, - { - "name" : "RHSA-2006:0754", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0754.html" - }, - { - "name" : "20061201-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc" - }, - { - "name" : "SUSE-SR:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_28_sr.html" - }, - { - "name" : "SUSE-SA:2006:075", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html" - }, - { - "name" : "2006-0070", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0070" - }, - { - "name" : "USN-393-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-393-1" - }, - { - "name" : "USN-393-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-393-2" - }, - { - "name" : "VU#427009", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/427009" - }, - { - "name" : "21462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21462" - }, - { - "name" : "oval:org.mitre.oval:def:11245", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245" - }, - { - "name" : "ADV-2006-4881", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4881" - }, - { - "name" : "1017349", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017349" - }, - { - "name" : "23245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23245" - }, - { - "name" : "23250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23250" - }, - { - "name" : "23255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23255" - }, - { - "name" : "23269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23269" - }, - { - "name" : "23259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23259" - }, - { - "name" : "23299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23299" - }, - { - "name" : "23303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23303" - }, - { - "name" : "23329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23329" - }, - { - "name" : "23290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23290" - }, - { - "name" : "23335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23335" - }, - { - "name" : "23284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23284" - }, - { - "name" : "23513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23513" - }, - { - "name" : "24047", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24047" - }, - { - "name" : "gnupg-openpgp-code-execution(30711)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017349", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017349" + }, + { + "name": "23269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23269" + }, + { + "name": "23303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23303" + }, + { + "name": "20061206 rPSA-2006-0227-1 gnupg", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453723/100/0/threaded" + }, + { + "name": "23255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23255" + }, + { + "name": "USN-393-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-393-1" + }, + { + "name": "23513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23513" + }, + { + "name": "23284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23284" + }, + { + "name": "USN-393-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-393-2" + }, + { + "name": "23245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23245" + }, + { + "name": "[gnupg-announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]", + "refsource": "MLIST", + "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html" + }, + { + "name": "VU#427009", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/427009" + }, + { + "name": "SUSE-SR:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html" + }, + { + "name": "RHSA-2006:0754", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0754.html" + }, + { + "name": "DSA-1231", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1231" + }, + { + "name": "20061206 GnuPG: remotely controllable function pointer [CVE-2006-6235]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453664/100/0/threaded" + }, + { + "name": "23335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23335" + }, + { + "name": "23299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23299" + }, + { + "name": "21462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21462" + }, + { + "name": "2006-0070", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0070" + }, + { + "name": "23329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23329" + }, + { + "name": "GLSA-200612-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-03.xml" + }, + { + "name": "23259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23259" + }, + { + "name": "MDKSA-2006:228", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:228" + }, + { + "name": "23290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23290" + }, + { + "name": "https://issues.rpath.com/browse/RPL-835", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-835" + }, + { + "name": "SUSE-SA:2006:075", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-047.htm" + }, + { + "name": "ADV-2006-4881", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4881" + }, + { + "name": "oval:org.mitre.oval:def:11245", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11245" + }, + { + "name": "23250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23250" + }, + { + "name": "20061201-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc" + }, + { + "name": "gnupg-openpgp-code-execution(30711)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30711" + }, + { + "name": "OpenPKG-SA-2006.037", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.037.html" + }, + { + "name": "24047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24047" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6461.json b/2006/6xxx/CVE-2006-6461.json index e111f86aaf6..3fd372487fa 100644 --- a/2006/6xxx/CVE-2006-6461.json +++ b/2006/6xxx/CVE-2006-6461.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tr1.php in Yourfreeworld Stylish Text Ads Script allows remote attackers to obtain the installation path via an invalid id parameter, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2508." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060518 Yourfreeworld Styleish Text Ads Script", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0381.html" - }, - { - "name" : "yourfreeworld-Tr1PathDisclosure(26571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tr1.php in Yourfreeworld Stylish Text Ads Script allows remote attackers to obtain the installation path via an invalid id parameter, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2508." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "yourfreeworld-Tr1PathDisclosure(26571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26571" + }, + { + "name": "20060518 Yourfreeworld Styleish Text Ads Script", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0381.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6567.json b/2006/6xxx/CVE-2006-6567.json index 66387e1538e..1ad1f85ea51 100644 --- a/2006/6xxx/CVE-2006-6567.json +++ b/2006/6xxx/CVE-2006-6567.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2924", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2924" - }, - { - "name" : "21577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21577" - }, - { - "name" : "ADV-2006-4982", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4982" - }, - { - "name" : "23356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23356" - }, - { - "name" : "mxbbknowledge-kb-file-include(30856)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23356" + }, + { + "name": "ADV-2006-4982", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4982" + }, + { + "name": "2924", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2924" + }, + { + "name": "mxbbknowledge-kb-file-include(30856)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30856" + }, + { + "name": "21577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21577" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0323.json b/2011/0xxx/CVE-2011-0323.json index 6fca2116158..8807233a039 100644 --- a/2011/0xxx/CVE-2011-0323.json +++ b/2011/0xxx/CVE-2011-0323.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allows remote attackers to execute arbitrary code by calling the exposed unsafe (1) SetLogFilePath and (2) SigMessage methods to create arbitrary files with arbitrary content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2011-0323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2011-1/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2011-1/" - }, - { - "name" : "46128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46128" - }, - { - "name" : "42800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42800" - }, - { - "name" : "sigplus-sigmessage-file-overwrite(65117)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allows remote attackers to execute arbitrary code by calling the exposed unsafe (1) SetLogFilePath and (2) SigMessage methods to create arbitrary files with arbitrary content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sigplus-sigmessage-file-overwrite(65117)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65117" + }, + { + "name": "42800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42800" + }, + { + "name": "46128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46128" + }, + { + "name": "http://secunia.com/secunia_research/2011-1/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2011-1/" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0488.json b/2011/0xxx/CVE-2011-0488.json index 00f675ca3f7..62f59f8ee1e 100644 --- a/2011/0xxx/CVE-2011-0488.json +++ b/2011/0xxx/CVE-2011-0488.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.indusoft.com/blog/?p=337", - "refsource" : "MISC", - "url" : "http://www.indusoft.com/blog/?p=337" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf" - }, - { - "name" : "http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD", - "refsource" : "CONFIRM", - "url" : "http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD" - }, - { - "name" : "http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm", - "refsource" : "CONFIRM", - "url" : "http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm" - }, - { - "name" : "VU#506864", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/506864" - }, - { - "name" : "45783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45783" - }, - { - "name" : "70396", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70396" - }, - { - "name" : "42883", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42883" - }, - { - "name" : "42903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42903" - }, - { - "name" : "ADV-2011-0092", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0092" - }, - { - "name" : "ADV-2011-0093", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0093" - }, - { - "name" : "indusoft-ntwebserver-bo(64678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42903" + }, + { + "name": "70396", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70396" + }, + { + "name": "http://www.indusoft.com/blog/?p=337", + "refsource": "MISC", + "url": "http://www.indusoft.com/blog/?p=337" + }, + { + "name": "VU#506864", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/506864" + }, + { + "name": "ADV-2011-0093", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0093" + }, + { + "name": "http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD", + "refsource": "CONFIRM", + "url": "http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf" + }, + { + "name": "ADV-2011-0092", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0092" + }, + { + "name": "http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm", + "refsource": "CONFIRM", + "url": "http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm" + }, + { + "name": "42883", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42883" + }, + { + "name": "45783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45783" + }, + { + "name": "indusoft-ntwebserver-bo(64678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64678" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2473.json b/2011/2xxx/CVE-2011-2473.json index d0de3fc0ca8..7e0f3ec948d 100644 --- a/2011/2xxx/CVE-2011-2473.json +++ b/2011/2xxx/CVE-2011-2473.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110503 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/03/1" - }, - { - "name" : "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/10/6" - }, - { - "name" : "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/10/7" - }, - { - "name" : "[oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/11/1" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212" - }, - { - "name" : "DSA-2254", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2254" - }, - { - "name" : "oprofile-opcontrol-symlink(67978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110503 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/03/1" + }, + { + "name": "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/10/7" + }, + { + "name": "[oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/11/1" + }, + { + "name": "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/10/6" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212" + }, + { + "name": "DSA-2254", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2254" + }, + { + "name": "oprofile-opcontrol-symlink(67978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67978" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2850.json b/2011/2xxx/CVE-2011-2850.json index be40cdc8ce8..a522defeff5 100644 --- a/2011/2xxx/CVE-2011-2850.json +++ b/2011/2xxx/CVE-2011-2850.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=90134", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=90134" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" - }, - { - "name" : "75551", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75551" - }, - { - "name" : "oval:org.mitre.oval:def:14710", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14710" - }, - { - "name" : "chrome-khmer-code-execution(69877)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=90134", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=90134" + }, + { + "name": "chrome-khmer-code-execution(69877)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69877" + }, + { + "name": "oval:org.mitre.oval:def:14710", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14710" + }, + { + "name": "75551", + "refsource": "OSVDB", + "url": "http://osvdb.org/75551" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2867.json b/2011/2xxx/CVE-2011-2867.json index a184721b0c7..1270cc078ac 100644 --- a/2011/2xxx/CVE-2011-2867.json +++ b/2011/2xxx/CVE-2011-2867.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "79906", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79906" - }, - { - "name" : "oval:org.mitre.oval:def:16994", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16994" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "apple-webkit-cve20112867-code-execution(73796)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "79906", + "refsource": "OSVDB", + "url": "http://osvdb.org/79906" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "oval:org.mitre.oval:def:16994", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16994" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "apple-webkit-cve20112867-code-execution(73796)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73796" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3610.json b/2011/3xxx/CVE-2011-3610.json index 1ba11a16217..dfd2c4ffb9f 100644 --- a/2011/3xxx/CVE-2011-3610.json +++ b/2011/3xxx/CVE-2011-3610.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3610", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3610", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3803.json b/2011/3xxx/CVE-2011-3803.json index 220bfb6a8ee..ad1e3323512 100644 --- a/2011/3xxx/CVE-2011-3803.json +++ b/2011/3xxx/CVE-2011-3803.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/SugarCRM-6.1.0", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/SugarCRM-6.1.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/SugarCRM-6.1.0", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/SugarCRM-6.1.0" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3833.json b/2011/3xxx/CVE-2011-3833.json index 144856a931d..2b9f782ee54 100644 --- a/2011/3xxx/CVE-2011-3833.json +++ b/2011/3xxx/CVE-2011-3833.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2011-3833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18108", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18108" - }, - { - "name" : "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt" - }, - { - "name" : "http://secunia.com/secunia_research/2011-79/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2011-79/" - }, - { - "name" : "VU#576355", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/576355" - }, - { - "name" : "50632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50632" - }, - { - "name" : "50896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50896" - }, - { - "name" : "77003", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77003" - }, - { - "name" : "45453", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45453" - }, - { - "name" : "sit-ftpuploadfile-file-upload(71237)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71237" - }, - { - "name" : "sit-multiple-file-upload(71651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sit-multiple-file-upload(71651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651" + }, + { + "name": "50632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50632" + }, + { + "name": "VU#576355", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/576355" + }, + { + "name": "http://secunia.com/secunia_research/2011-79/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2011-79/" + }, + { + "name": "50896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50896" + }, + { + "name": "18108", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18108" + }, + { + "name": "45453", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45453" + }, + { + "name": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt" + }, + { + "name": "77003", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77003" + }, + { + "name": "sit-ftpuploadfile-file-upload(71237)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71237" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4707.json b/2011/4xxx/CVE-2011-4707.json index cc43cbbf631..634a0b12c6b 100644 --- a/2011/4xxx/CVE-2011-4707.json +++ b/2011/4xxx/CVE-2011-4707.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111117 [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520554/100/0/threaded" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=336", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=336" - }, - { - "name" : "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/" - }, - { - "name" : "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a", - "refsource" : "CONFIRM", - "url" : "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1546307", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1546307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111117 [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520554/100/0/threaded" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=336", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=336" + }, + { + "name": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a", + "refsource": "CONFIRM", + "url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a" + }, + { + "name": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/" + }, + { + "name": "https://service.sap.com/sap/support/notes/1546307", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1546307" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4777.json b/2011/4xxx/CVE-2011-4777.json index 4c40ef6bd0a..9876ae830c1 100644 --- a/2011/4xxx/CVE-2011-4777.json +++ b/2011/4xxx/CVE-2011-4777.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html", - "refsource" : "MISC", - "url" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html", + "refsource": "MISC", + "url": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1504.json b/2013/1xxx/CVE-2013-1504.json index f1a9affa3eb..752ef2d5e09 100644 --- a/2013/1xxx/CVE-2013-1504.json +++ b/2013/1xxx/CVE-2013-1504.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-2390." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-2390." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1594.json b/2013/1xxx/CVE-2013-1594.json index fa378c788bb..53a28568e6e 100644 --- a/2013/1xxx/CVE-2013-1594.json +++ b/2013/1xxx/CVE-2013-1594.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1594", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1594", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1884.json b/2013/1xxx/CVE-2013-1884.json index 344b128f982..167ef600172 100644 --- a/2013/1xxx/CVE-2013-1884.json +++ b/2013/1xxx/CVE-2013-1884.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[subversion-announce] 20130404 Apache Subversion 1.7.9 released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E" - }, - { - "name" : "http://subversion.apache.org/security/CVE-2013-1884-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.apache.org/security/CVE-2013-1884-advisory.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=929095", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=929095" - }, - { - "name" : "MDVSA-2013:153", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:153" - }, - { - "name" : "openSUSE-SU-2013:0687", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html" - }, - { - "name" : "USN-1893-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1893-1" - }, - { - "name" : "oval:org.mitre.oval:def:18788", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://subversion.apache.org/security/CVE-2013-1884-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.apache.org/security/CVE-2013-1884-advisory.txt" + }, + { + "name": "openSUSE-SU-2013:0687", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=929095", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929095" + }, + { + "name": "[subversion-announce] 20130404 Apache Subversion 1.7.9 released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E" + }, + { + "name": "oval:org.mitre.oval:def:18788", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18788" + }, + { + "name": "USN-1893-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1893-1" + }, + { + "name": "MDVSA-2013:153", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:153" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1921.json b/2013/1xxx/CVE-2013-1921.json index 16b42de3f3a..fb2b9a6e88f 100644 --- a/2013/1xxx/CVE-2013-1921.json +++ b/2013/1xxx/CVE-2013-1921.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=948106", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=948106" - }, - { - "name" : "RHSA-2013:1207", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1207.html" - }, - { - "name" : "RHSA-2013:1208", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1208.html" - }, - { - "name" : "RHSA-2013:1209", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1209.html" - }, - { - "name" : "RHSA-2013:1437", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1437.html" - }, - { - "name" : "RHSA-2014:0029", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0029.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0029", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=948106", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948106" + }, + { + "name": "RHSA-2013:1209", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html" + }, + { + "name": "RHSA-2013:1437", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html" + }, + { + "name": "RHSA-2013:1207", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html" + }, + { + "name": "RHSA-2013:1208", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5222.json b/2013/5xxx/CVE-2013-5222.json index ed7d6a884e5..372552bcb35 100644 --- a/2013/5xxx/CVE-2013-5222.json +++ b/2013/5xxx/CVE-2013-5222.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.esri.com/en/knowledgebase/techarticles/detail/41494", - "refsource" : "CONFIRM", - "url" : "http://support.esri.com/en/knowledgebase/techarticles/detail/41494" - }, - { - "name" : "http://support.esri.com/en/knowledgebase/techarticles/detail/41498", - "refsource" : "CONFIRM", - "url" : "http://support.esri.com/en/knowledgebase/techarticles/detail/41498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.esri.com/en/knowledgebase/techarticles/detail/41498", + "refsource": "CONFIRM", + "url": "http://support.esri.com/en/knowledgebase/techarticles/detail/41498" + }, + { + "name": "http://support.esri.com/en/knowledgebase/techarticles/detail/41494", + "refsource": "CONFIRM", + "url": "http://support.esri.com/en/knowledgebase/techarticles/detail/41494" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5348.json b/2013/5xxx/CVE-2013-5348.json index 16faa65498e..1517bbed788 100644 --- a/2013/5xxx/CVE-2013-5348.json +++ b/2013/5xxx/CVE-2013-5348.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5348", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5348", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5405.json b/2013/5xxx/CVE-2013-5405.json index 0b320f07bc2..f00c7d4f7ed 100644 --- a/2013/5xxx/CVE-2013-5405.json +++ b/2013/5xxx/CVE-2013-5405.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657539" - }, - { - "name" : "IC96053", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96053" - }, - { - "name" : "64443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64443" - }, - { - "name" : "ibm-sterling-cve20135405-xss(87354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sterling-cve20135405-xss(87354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87354" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539" + }, + { + "name": "64443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64443" + }, + { + "name": "IC96053", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96053" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5694.json b/2013/5xxx/CVE-2013-5694.json index 4e33970d898..6df8afbb438 100644 --- a/2013/5xxx/CVE-2013-5694.json +++ b/2013/5xxx/CVE-2013-5694.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131028 CVE-2013-5694 Blind SQL Injection in Ops View", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-10/0149.html" - }, - { - "name" : "29326", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/29326" - }, - { - "name" : "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes", - "refsource" : "MISC", - "url" : "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes" - }, - { - "name" : "http://osvdb.org/ref/99/opsview-sqli.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/99/opsview-sqli.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/123821/Ops-View-Pre-4.4.1-Blind-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123821/Ops-View-Pre-4.4.1-Blind-SQL-Injection.html" - }, - { - "name" : "63387", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63387" - }, - { - "name" : "99038", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/123821/Ops-View-Pre-4.4.1-Blind-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123821/Ops-View-Pre-4.4.1-Blind-SQL-Injection.html" + }, + { + "name": "http://osvdb.org/ref/99/opsview-sqli.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/99/opsview-sqli.txt" + }, + { + "name": "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes", + "refsource": "MISC", + "url": "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes" + }, + { + "name": "29326", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/29326" + }, + { + "name": "99038", + "refsource": "OSVDB", + "url": "http://osvdb.org/99038" + }, + { + "name": "63387", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63387" + }, + { + "name": "20131028 CVE-2013-5694 Blind SQL Injection in Ops View", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0149.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2056.json b/2014/2xxx/CVE-2014-2056.json index 148a16a20c4..2939f5aa45e 100644 --- a/2014/2xxx/CVE-2014-2056.json +++ b/2014/2xxx/CVE-2014-2056.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2014-006/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2014-006/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2237.json b/2014/2xxx/CVE-2014-2237.json index 70976e11136..83132e00f16 100644 --- a/2014/2xxx/CVE-2014-2237.json +++ b/2014/2xxx/CVE-2014-2237.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140304 [OSSA 2014-006] Trustee token revocation does not work with memcache backend (CVE-2014-2237)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/04/16" - }, - { - "name" : "https://bugs.launchpad.net/keystone/+bug/1260080", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/keystone/+bug/1260080" - }, - { - "name" : "RHSA-2014:0580", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0580.html" - }, - { - "name" : "65895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140304 [OSSA 2014-006] Trustee token revocation does not work with memcache backend (CVE-2014-2237)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/04/16" + }, + { + "name": "65895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65895" + }, + { + "name": "https://bugs.launchpad.net/keystone/+bug/1260080", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/keystone/+bug/1260080" + }, + { + "name": "RHSA-2014:0580", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0580.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2412.json b/2014/2xxx/CVE-2014-2412.json index ada1c393ee2..0db7ed56cc5 100644 --- a/2014/2xxx/CVE-2014-2412.json +++ b/2014/2xxx/CVE-2014-2412.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" - }, - { - "name" : "DSA-2912", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2912" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "HPSBUX03092", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101668", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "RHSA-2014:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html" - }, - { - "name" : "RHSA-2014:0685", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0685.html" - }, - { - "name" : "RHSA-2014:0413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0413" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "USN-2191-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2191-1" - }, - { - "name" : "USN-2187-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2187-1" - }, - { - "name" : "66873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66873" - }, - { - "name" : "58415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2187-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2187-1" + }, + { + "name": "RHSA-2014:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "USN-2191-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2191-1" + }, + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" + }, + { + "name": "RHSA-2014:0413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0413" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "66873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66873" + }, + { + "name": "HPSBUX03092", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "RHSA-2014:0685", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0685.html" + }, + { + "name": "DSA-2912", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2912" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "58415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58415" + }, + { + "name": "SSRT101668", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2413.json b/2014/2xxx/CVE-2014-2413.json index d22f360e994..f885eb19cb7 100644 --- a/2014/2xxx/CVE-2014-2413.json +++ b/2014/2xxx/CVE-2014-2413.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "RHSA-2014:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html" - }, - { - "name" : "RHSA-2014:0413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0413" - }, - { - "name" : "USN-2187-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2187-1" - }, - { - "name" : "66917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2187-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2187-1" + }, + { + "name": "RHSA-2014:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html" + }, + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "RHSA-2014:0413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0413" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "66917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66917" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2931.json b/2014/2xxx/CVE-2014-2931.json index b853243569c..21bac9636d5 100644 --- a/2014/2xxx/CVE-2014-2931.json +++ b/2014/2xxx/CVE-2014-2931.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2931", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2931", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6421.json b/2014/6xxx/CVE-2014-6421.json index c6c843dd675..bf56c285695 100644 --- a/2014/6xxx/CVE-2014-6421.json +++ b/2014/6xxx/CVE-2014-6421.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2014-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2014-12.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9920", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9920" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=04c05a21e34cec326f1aff2f5f8a6e74e1ced984", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=04c05a21e34cec326f1aff2f5f8a6e74e1ced984" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1676", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1676" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1677", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1677" - }, - { - "name" : "RHSA-2014:1676", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1676.html" - }, - { - "name" : "RHSA-2014:1677", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1677.html" - }, - { - "name" : "SUSE-SU-2014:1221", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html" - }, - { - "name" : "openSUSE-SU-2014:1249", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html" - }, - { - "name" : "60280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60280" - }, - { - "name" : "61929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61929" - }, - { - "name" : "61933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1676", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1676" + }, + { + "name": "61933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61933" + }, + { + "name": "openSUSE-SU-2014:1249", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html" + }, + { + "name": "RHSA-2014:1677", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1677.html" + }, + { + "name": "RHSA-2014:1676", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1676.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9920", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9920" + }, + { + "name": "SUSE-SU-2014:1221", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=04c05a21e34cec326f1aff2f5f8a6e74e1ced984", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=04c05a21e34cec326f1aff2f5f8a6e74e1ced984" + }, + { + "name": "60280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60280" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1677", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1677" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2014-12.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2014-12.html" + }, + { + "name": "61929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61929" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0612.json b/2017/0xxx/CVE-2017-0612.json index fb1f991f82a..4fe418abf49 100644 --- a/2017/0xxx/CVE-2017-0612.json +++ b/2017/0xxx/CVE-2017-0612.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98231" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0754.json b/2017/0xxx/CVE-2017-0754.json index 37ceca10efb..0d5a0c2c776 100644 --- a/2017/0xxx/CVE-2017-0754.json +++ b/2017/0xxx/CVE-2017-0754.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0754", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0754", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000464.json b/2017/1000xxx/CVE-2017-1000464.json index 79f0768970d..ba5c7546612 100644 --- a/2017/1000xxx/CVE-2017-1000464.json +++ b/2017/1000xxx/CVE-2017-1000464.json @@ -1,20 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000464", - "REQUESTER" : "sajeeb.lohani@bulletproof.sh", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1000464", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16455.json b/2017/16xxx/CVE-2017-16455.json index 6781b14676a..0447fa57325 100644 --- a/2017/16xxx/CVE-2017-16455.json +++ b/2017/16xxx/CVE-2017-16455.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16455", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16455", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16536.json b/2017/16xxx/CVE-2017-16536.json index 1abdca10efe..fd37b496409 100644 --- a/2017/16xxx/CVE-2017-16536.json +++ b/2017/16xxx/CVE-2017-16536.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" - }, - { - "name" : "https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ", - "refsource" : "MISC", - "url" : "https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ" - }, - { - "name" : "https://patchwork.kernel.org/patch/9963527/", - "refsource" : "MISC", - "url" : "https://patchwork.kernel.org/patch/9963527/" - }, - { - "name" : "USN-3619-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-1/" - }, - { - "name" : "USN-3619-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-2/" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3619-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-2/" + }, + { + "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ", + "refsource": "MISC", + "url": "https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ" + }, + { + "name": "https://patchwork.kernel.org/patch/9963527/", + "refsource": "MISC", + "url": "https://patchwork.kernel.org/patch/9963527/" + }, + { + "name": "USN-3619-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16709.json b/2017/16xxx/CVE-2017-16709.json index 159bb4d23f4..0f33d36f9ee 100644 --- a/2017/16xxx/CVE-2017-16709.json +++ b/2017/16xxx/CVE-2017-16709.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16709", - "refsource" : "CONFIRM", - "url" : "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16709", + "refsource": "CONFIRM", + "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16709" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16918.json b/2017/16xxx/CVE-2017-16918.json index 0542b7b4ac4..0f369e30d66 100644 --- a/2017/16xxx/CVE-2017-16918.json +++ b/2017/16xxx/CVE-2017-16918.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16918", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16918", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16931.json b/2017/16xxx/CVE-2017-16931.json index 157e87831a0..d0df35029a8 100644 --- a/2017/16xxx/CVE-2017-16931.json +++ b/2017/16xxx/CVE-2017-16931.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171130 [SECURITY] [DLA 1194-1] libxml2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - }, - { - "name" : "http://xmlsoft.org/news.html", - "refsource" : "CONFIRM", - "url" : "http://xmlsoft.org/news.html" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=766956" - }, - { - "name" : "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "refsource" : "CONFIRM", - "url" : "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=766956", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=766956" + }, + { + "name": "[debian-lts-announce] 20171130 [SECURITY] [DLA 1194-1] libxml2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" + }, + { + "name": "http://xmlsoft.org/news.html", + "refsource": "CONFIRM", + "url": "http://xmlsoft.org/news.html" + }, + { + "name": "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", + "refsource": "CONFIRM", + "url": "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1354.json b/2017/1xxx/CVE-2017-1354.json index c85ce5ebd52..f4739c586e9 100644 --- a/2017/1xxx/CVE-2017-1354.json +++ b/2017/1xxx/CVE-2017-1354.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-14T00:00:00", - "ID" : "CVE-2017-1354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlas eDiscovery Process Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.3.2" - }, - { - "version_value" : "6.0.3.3" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.0.3.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-14T00:00:00", + "ID": "CVE-2017-1354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlas eDiscovery Process Management", + "version": { + "version_data": [ + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.3.2" + }, + { + "version_value": "6.0.3.3" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "6.0.3.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126681", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126681" - }, - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22005828", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22005828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126681", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126681" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22005828", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22005828" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1893.json b/2017/1xxx/CVE-2017-1893.json index 8ddefabffd0..be6c756d034 100644 --- a/2017/1xxx/CVE-2017-1893.json +++ b/2017/1xxx/CVE-2017-1893.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1893", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1893", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4037.json b/2017/4xxx/CVE-2017-4037.json index 74f9f42659f..24281f9a82a 100644 --- a/2017/4xxx/CVE-2017-4037.json +++ b/2017/4xxx/CVE-2017-4037.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4037", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4037", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4384.json b/2017/4xxx/CVE-2017-4384.json index 609d79873f3..7ff4395530a 100644 --- a/2017/4xxx/CVE-2017-4384.json +++ b/2017/4xxx/CVE-2017-4384.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4384", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4384", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4584.json b/2017/4xxx/CVE-2017-4584.json index ae5b64545e0..336b8e31d02 100644 --- a/2017/4xxx/CVE-2017-4584.json +++ b/2017/4xxx/CVE-2017-4584.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4584", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4584", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4718.json b/2017/4xxx/CVE-2017-4718.json index 471403a8539..b12c84b676c 100644 --- a/2017/4xxx/CVE-2017-4718.json +++ b/2017/4xxx/CVE-2017-4718.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4718", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4718", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4752.json b/2017/4xxx/CVE-2017-4752.json index 16332c2bdbb..131bdda23ca 100644 --- a/2017/4xxx/CVE-2017-4752.json +++ b/2017/4xxx/CVE-2017-4752.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4752", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4752", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5012.json b/2018/5xxx/CVE-2018-5012.json index abaafd770d1..6570018484b 100644 --- a/2018/5xxx/CVE-2018-5012.json +++ b/2018/5xxx/CVE-2018-5012.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted pointer dereference" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104701" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted pointer dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + }, + { + "name": "104701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104701" + } + ] + } +} \ No newline at end of file