From a3da35042d3dc9de954c9067f924055820dc1b5f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:02:17 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0417.json | 130 +++++----- 2001/0xxx/CVE-2001-0473.json | 180 +++++++------- 2001/0xxx/CVE-2001-0622.json | 150 ++++++------ 2001/0xxx/CVE-2001-0774.json | 170 ++++++------- 2001/1xxx/CVE-2001-1207.json | 150 ++++++------ 2001/1xxx/CVE-2001-1320.json | 180 +++++++------- 2006/2xxx/CVE-2006-2164.json | 170 ++++++------- 2006/2xxx/CVE-2006-2270.json | 200 ++++++++-------- 2006/2xxx/CVE-2006-2458.json | 260 ++++++++++---------- 2006/2xxx/CVE-2006-2517.json | 160 ++++++------- 2006/2xxx/CVE-2006-2603.json | 34 +-- 2006/2xxx/CVE-2006-2811.json | 370 ++++++++++++++--------------- 2006/6xxx/CVE-2006-6216.json | 140 +++++------ 2008/5xxx/CVE-2008-5997.json | 140 +++++------ 2011/2xxx/CVE-2011-2498.json | 34 +-- 2011/2xxx/CVE-2011-2663.json | 150 ++++++------ 2011/2xxx/CVE-2011-2799.json | 220 ++++++++--------- 2011/3xxx/CVE-2011-3166.json | 150 ++++++------ 2011/3xxx/CVE-2011-3488.json | 120 +++++----- 2011/3xxx/CVE-2011-3517.json | 180 +++++++------- 2011/3xxx/CVE-2011-3586.json | 34 +-- 2011/3xxx/CVE-2011-3704.json | 140 +++++------ 2011/4xxx/CVE-2011-4628.json | 34 +-- 2011/4xxx/CVE-2011-4731.json | 120 +++++----- 2011/4xxx/CVE-2011-4816.json | 170 ++++++------- 2013/0xxx/CVE-2013-0002.json | 140 +++++------ 2013/0xxx/CVE-2013-0084.json | 140 +++++------ 2013/0xxx/CVE-2013-0170.json | 290 +++++++++++----------- 2013/0xxx/CVE-2013-0503.json | 140 +++++------ 2013/1xxx/CVE-2013-1044.json | 180 +++++++------- 2013/1xxx/CVE-2013-1682.json | 300 +++++++++++------------ 2013/1xxx/CVE-2013-1763.json | 250 +++++++++---------- 2013/1xxx/CVE-2013-1798.json | 270 ++++++++++----------- 2013/1xxx/CVE-2013-1927.json | 330 ++++++++++++------------- 2013/1xxx/CVE-2013-1955.json | 140 +++++------ 2013/5xxx/CVE-2013-5421.json | 130 +++++----- 2013/5xxx/CVE-2013-5474.json | 120 +++++----- 2013/5xxx/CVE-2013-5736.json | 34 +-- 2014/2xxx/CVE-2014-2200.json | 120 +++++----- 2014/2xxx/CVE-2014-2326.json | 240 +++++++++---------- 2014/2xxx/CVE-2014-2679.json | 34 +-- 2017/0xxx/CVE-2017-0413.json | 158 ++++++------ 2017/0xxx/CVE-2017-0536.json | 146 ++++++------ 2017/0xxx/CVE-2017-0748.json | 132 +++++----- 2017/0xxx/CVE-2017-0817.json | 190 +++++++-------- 2017/1000xxx/CVE-2017-1000005.json | 124 +++++----- 2017/12xxx/CVE-2017-12127.json | 122 +++++----- 2017/16xxx/CVE-2017-16124.json | 132 +++++----- 2017/16xxx/CVE-2017-16150.json | 132 +++++----- 2017/16xxx/CVE-2017-16262.json | 34 +-- 2017/16xxx/CVE-2017-16479.json | 34 +-- 2017/16xxx/CVE-2017-16538.json | 200 ++++++++-------- 2017/1xxx/CVE-2017-1276.json | 232 +++++++++--------- 2017/4xxx/CVE-2017-4381.json | 34 +-- 2017/4xxx/CVE-2017-4537.json | 34 +-- 2017/4xxx/CVE-2017-4755.json | 34 +-- 2017/4xxx/CVE-2017-4881.json | 34 +-- 2018/5xxx/CVE-2018-5108.json | 162 ++++++------- 2018/5xxx/CVE-2018-5123.json | 34 +-- 2018/5xxx/CVE-2018-5577.json | 34 +-- 60 files changed, 4323 insertions(+), 4323 deletions(-) diff --git a/2001/0xxx/CVE-2001-0417.json b/2001/0xxx/CVE-2001-0417.json index c5f654efc60..6fb0848ff91 100644 --- a/2001/0xxx/CVE-2001-0417.json +++ b/2001/0xxx/CVE-2001-0417.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010307 Security advisory: Unsafe temporary file handling in krb4", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html" - }, - { - "name" : "RHSA-2001:025", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-025.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010307 Security advisory: Unsafe temporary file handling in krb4", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html" + }, + { + "name": "RHSA-2001:025", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-025.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0473.json b/2001/0xxx/CVE-2001-0473.json index 9102885bd75..a3ed309fcd3 100644 --- a/2001/0xxx/CVE-2001-0473.json +++ b/2001/0xxx/CVE-2001-0473.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2001-031", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3" - }, - { - "name" : "RHSA-2001:029", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-029.html" - }, - { - "name" : "20010315 Immunix OS Security update for mutt", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98473109630421&w=2" - }, - { - "name" : "CLA-2001:385", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385" - }, - { - "name" : "20010320 Trustix Security Advisory - mutt", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html" - }, - { - "name" : "mutt-imap-format-string(6235)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235" - }, - { - "name" : "5615", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010320 Trustix Security Advisory - mutt", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html" + }, + { + "name": "5615", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5615" + }, + { + "name": "RHSA-2001:029", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html" + }, + { + "name": "20010315 Immunix OS Security update for mutt", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98473109630421&w=2" + }, + { + "name": "mutt-imap-format-string(6235)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235" + }, + { + "name": "CLA-2001:385", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385" + }, + { + "name": "MDKSA-2001-031", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0622.json b/2001/0xxx/CVE-2001-0622.json index db1c635c5c8..01f1b3867ff 100644 --- a/2001/0xxx/CVE-2001-0622.json +++ b/2001/0xxx/CVE-2001-0622.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010531 Cisco Content Service Switch 11000 Series Web Management Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml" - }, - { - "name" : "cisco-css-web-management(6631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6631" - }, - { - "name" : "2806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2806" - }, - { - "name" : "1848", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-css-web-management(6631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6631" + }, + { + "name": "1848", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1848" + }, + { + "name": "2806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2806" + }, + { + "name": "20010531 Cisco Content Service Switch 11000 Series Web Management Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0774.json b/2001/0xxx/CVE-2001-0774.json index b172cfc2a35..55db08bf02e 100644 --- a/2001/0xxx/CVE-2001-0774.json +++ b/2001/0xxx/CVE-2001-0774.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010709 Tripwire temporary files", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/195617" - }, - { - "name" : "3003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3003" - }, - { - "name" : "tripwire-tmpfile-symlink(6820)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6820" - }, - { - "name" : "VU#349019", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/349019" - }, - { - "name" : "MDKSA-2001:064", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-064.php3" - }, - { - "name" : "1895", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3003" + }, + { + "name": "MDKSA-2001:064", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-064.php3" + }, + { + "name": "20010709 Tripwire temporary files", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/195617" + }, + { + "name": "1895", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1895" + }, + { + "name": "tripwire-tmpfile-symlink(6820)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6820" + }, + { + "name": "VU#349019", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/349019" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1207.json b/2001/1xxx/CVE-2001-1207.json index 28ed7dca36d..c151a5ee850 100644 --- a/2001/1xxx/CVE-2001-1207.json +++ b/2001/1xxx/CVE-2001-1207.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011230 DayDream BBS buffer overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/247708" - }, - { - "name" : "http://www.cs.uku.fi/~hlyytine/daydream-2.11/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.cs.uku.fi/~hlyytine/daydream-2.11/ChangeLog" - }, - { - "name" : "3757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3757" - }, - { - "name" : "daydream-bbs-control-code-bo(7755)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7755.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cs.uku.fi/~hlyytine/daydream-2.11/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.cs.uku.fi/~hlyytine/daydream-2.11/ChangeLog" + }, + { + "name": "3757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3757" + }, + { + "name": "daydream-bbs-control-code-bo(7755)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7755.php" + }, + { + "name": "20011230 DayDream BBS buffer overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/247708" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1320.json b/2001/1xxx/CVE-2001-1320.json index 91b48d8a081..2f1f8033f76 100644 --- a/2001/1xxx/CVE-2001-1320.json +++ b/2001/1xxx/CVE-2001-1320.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "L-116", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml" - }, - { - "name" : "CA-2001-18", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-18.html" - }, - { - "name" : "VU#765256", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/765256" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/JPLA-4WESNK", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/JPLA-4WESNK" - }, - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" - }, - { - "name" : "3046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3046" - }, - { - "name" : "pgp-keyserver-ldap-bo(6900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2001-18", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-18.html" + }, + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" + }, + { + "name": "L-116", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml" + }, + { + "name": "VU#765256", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/765256" + }, + { + "name": "http://www.kb.cert.org/vuls/id/JPLA-4WESNK", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/JPLA-4WESNK" + }, + { + "name": "pgp-keyserver-ldap-bo(6900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6900" + }, + { + "name": "3046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3046" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2164.json b/2006/2xxx/CVE-2006-2164.json index 5ad06290b9d..54652566998 100644 --- a/2006/2xxx/CVE-2006-2164.json +++ b/2006/2xxx/CVE-2006-2164.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/05/avactis-shopping-cart-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/05/avactis-shopping-cart-vuln.html" - }, - { - "name" : "25637", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25637" - }, - { - "name" : "25638", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25638" - }, - { - "name" : "25639", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25639" - }, - { - "name" : "25640", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25640" - }, - { - "name" : "avactis-multiple-scripts-sql-injection(26178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25639", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25639" + }, + { + "name": "avactis-multiple-scripts-sql-injection(26178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26178" + }, + { + "name": "http://pridels0.blogspot.com/2006/05/avactis-shopping-cart-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/05/avactis-shopping-cart-vuln.html" + }, + { + "name": "25638", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25638" + }, + { + "name": "25637", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25637" + }, + { + "name": "25640", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25640" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2270.json b/2006/2xxx/CVE-2006-2270.json index f917b87802a..7ccaae8c4f4 100644 --- a/2006/2xxx/CVE-2006-2270.json +++ b/2006/2xxx/CVE-2006-2270.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060506 JetBox CMS Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433121/100/0/threaded" - }, - { - "name" : "17861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17861" - }, - { - "name" : "ADV-2006-1686", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1686" - }, - { - "name" : "25313", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25313" - }, - { - "name" : "1016061", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016061" - }, - { - "name" : "19993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19993" - }, - { - "name" : "861", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/861" - }, - { - "name" : "jetboxcms-config-file-include(26289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26289" - }, - { - "name" : "jetboxcms-phpthumb-file-include(28843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19993" + }, + { + "name": "1016061", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016061" + }, + { + "name": "jetboxcms-phpthumb-file-include(28843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28843" + }, + { + "name": "20060506 JetBox CMS Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433121/100/0/threaded" + }, + { + "name": "25313", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25313" + }, + { + "name": "17861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17861" + }, + { + "name": "861", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/861" + }, + { + "name": "jetboxcms-config-file-include(26289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26289" + }, + { + "name": "ADV-2006-1686", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1686" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2458.json b/2006/2xxx/CVE-2006-2458.json index 8ce64f35c2e..a4ea2ed3dac 100644 --- a/2006/2xxx/CVE-2006-2458.json +++ b/2006/2xxx/CVE-2006-2458.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060517 Two heap overflow in libextractor 0.5.13 (rev 2832)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434288/100/0/threaded" - }, - { - "name" : "http://gnunet.org/libextractor/", - "refsource" : "CONFIRM", - "url" : "http://gnunet.org/libextractor/" - }, - { - "name" : "DSA-1081", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1081" - }, - { - "name" : "GLSA-200605-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml" - }, - { - "name" : "SUSE-SR:2006:012", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-06-02.html" - }, - { - "name" : "18021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18021" - }, - { - "name" : "ADV-2006-1848", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1848" - }, - { - "name" : "1016118", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016118" - }, - { - "name" : "20150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20150" - }, - { - "name" : "20160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20160" - }, - { - "name" : "20326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20326" - }, - { - "name" : "20457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20457" - }, - { - "name" : "916", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/916" - }, - { - "name" : "libextractor-asfextractor-bo(26531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26531" - }, - { - "name" : "libextractor-qtextractor-bo(26532)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060517 Two heap overflow in libextractor 0.5.13 (rev 2832)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434288/100/0/threaded" + }, + { + "name": "1016118", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016118" + }, + { + "name": "18021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18021" + }, + { + "name": "SUSE-SR:2006:012", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-06-02.html" + }, + { + "name": "916", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/916" + }, + { + "name": "20160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20160" + }, + { + "name": "20326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20326" + }, + { + "name": "20150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20150" + }, + { + "name": "DSA-1081", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1081" + }, + { + "name": "http://gnunet.org/libextractor/", + "refsource": "CONFIRM", + "url": "http://gnunet.org/libextractor/" + }, + { + "name": "libextractor-asfextractor-bo(26531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26531" + }, + { + "name": "GLSA-200605-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-14.xml" + }, + { + "name": "libextractor-qtextractor-bo(26532)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26532" + }, + { + "name": "20457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20457" + }, + { + "name": "ADV-2006-1848", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1848" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2517.json b/2006/2xxx/CVE-2006-2517.json index 3f209eca73b..733c29432aa 100644 --- a/2006/2xxx/CVE-2006-2517.json +++ b/2006/2xxx/CVE-2006-2517.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.myweb-jp.com/support/tech/tech_common_013.html", - "refsource" : "MISC", - "url" : "http://www.myweb-jp.com/support/tech/tech_common_013.html" - }, - { - "name" : "ADV-2006-1898", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1898" - }, - { - "name" : "1016133", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016133" - }, - { - "name" : "20178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20178" - }, - { - "name" : "myweb-sql-injection(26622)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016133", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016133" + }, + { + "name": "ADV-2006-1898", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1898" + }, + { + "name": "20178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20178" + }, + { + "name": "http://www.myweb-jp.com/support/tech/tech_common_013.html", + "refsource": "MISC", + "url": "http://www.myweb-jp.com/support/tech/tech_common_013.html" + }, + { + "name": "myweb-sql-injection(26622)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26622" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2603.json b/2006/2xxx/CVE-2006-2603.json index 05b53470726..8892a88b77e 100644 --- a/2006/2xxx/CVE-2006-2603.json +++ b/2006/2xxx/CVE-2006-2603.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2603", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2591. Reason: This candidate is a duplicate of CVE-2006-2591. Notes: All CVE users should reference CVE-2006-2591 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-2603", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2591. Reason: This candidate is a duplicate of CVE-2006-2591. Notes: All CVE users should reference CVE-2006-2591 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2811.json b/2006/2xxx/CVE-2006-2811.json index b178d116f68..c3e040bfab4 100644 --- a/2006/2xxx/CVE-2006-2811.json +++ b/2006/2xxx/CVE-2006-2811.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060531 multiple file inclusion exploits in ovidentia v5.8.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435590/100/0/threaded" - }, - { - "name" : "20070114 Ovidentia 5.6x Series Remote File İnclude", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456893/100/200/threaded" - }, - { - "name" : "20070209 Ovidentia Exploit Codeds", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459572/100/0/threaded" - }, - { - "name" : "18232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18232" - }, - { - "name" : "27209", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27209" - }, - { - "name" : "27211", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27211" - }, - { - "name" : "27212", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27212" - }, - { - "name" : "27213", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27213" - }, - { - "name" : "27214", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27214" - }, - { - "name" : "27215", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27215" - }, - { - "name" : "27216", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27216" - }, - { - "name" : "27217", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27217" - }, - { - "name" : "27218", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27218" - }, - { - "name" : "27219", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27219" - }, - { - "name" : "27220", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27220" - }, - { - "name" : "27221", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27221" - }, - { - "name" : "27222", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27222" - }, - { - "name" : "27223", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27223" - }, - { - "name" : "27224", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27224" - }, - { - "name" : "27225", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27225" - }, - { - "name" : "27229", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27229" - }, - { - "name" : "27226", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27226" - }, - { - "name" : "27227", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27227" - }, - { - "name" : "27228", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27228" - }, - { - "name" : "1033", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1033" - }, - { - "name" : "ovidentia-multiple-scripts-file-include(26981)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27223", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27223" + }, + { + "name": "ovidentia-multiple-scripts-file-include(26981)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26981" + }, + { + "name": "27228", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27228" + }, + { + "name": "27215", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27215" + }, + { + "name": "27224", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27224" + }, + { + "name": "27214", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27214" + }, + { + "name": "1033", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1033" + }, + { + "name": "27216", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27216" + }, + { + "name": "27212", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27212" + }, + { + "name": "27222", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27222" + }, + { + "name": "27221", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27221" + }, + { + "name": "27226", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27226" + }, + { + "name": "27220", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27220" + }, + { + "name": "27225", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27225" + }, + { + "name": "27211", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27211" + }, + { + "name": "27229", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27229" + }, + { + "name": "18232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18232" + }, + { + "name": "20070114 Ovidentia 5.6x Series Remote File İnclude", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456893/100/200/threaded" + }, + { + "name": "27209", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27209" + }, + { + "name": "27218", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27218" + }, + { + "name": "27217", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27217" + }, + { + "name": "27227", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27227" + }, + { + "name": "27213", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27213" + }, + { + "name": "20060531 multiple file inclusion exploits in ovidentia v5.8.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435590/100/0/threaded" + }, + { + "name": "27219", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27219" + }, + { + "name": "20070209 Ovidentia Exploit Codeds", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459572/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6216.json b/2006/6xxx/CVE-2006-6216.json index e73d4bd2eae..0e1282e1cbd 100644 --- a/2006/6xxx/CVE-2006-6216.json +++ b/2006/6xxx/CVE-2006-6216.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hacks List 1.21 and earlier phpBB module allows remote attackers to execute arbitrary SQL commands via the hack_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2851", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2851" - }, - { - "name" : "21290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21290" - }, - { - "name" : "nivisechackslist-admin-sql-injection(30533)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hacks List 1.21 and earlier phpBB module allows remote attackers to execute arbitrary SQL commands via the hack_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2851", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2851" + }, + { + "name": "21290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21290" + }, + { + "name": "nivisechackslist-admin-sql-injection(30533)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30533" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5997.json b/2008/5xxx/CVE-2008-5997.json index 9e4634feb27..98340a1b1ad 100644 --- a/2008/5xxx/CVE-2008-5997.json +++ b/2008/5xxx/CVE-2008-5997.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform (OCP) 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0809-exploits/omnicom-traverse.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0809-exploits/omnicom-traverse.txt" - }, - { - "name" : "31338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31338" - }, - { - "name" : "omnicom-browser-directory-traversal(45394)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform (OCP) 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "omnicom-browser-directory-traversal(45394)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45394" + }, + { + "name": "31338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31338" + }, + { + "name": "http://packetstormsecurity.org/0809-exploits/omnicom-traverse.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0809-exploits/omnicom-traverse.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2498.json b/2011/2xxx/CVE-2011-2498.json index c86af5f1454..74a3838be71 100644 --- a/2011/2xxx/CVE-2011-2498.json +++ b/2011/2xxx/CVE-2011-2498.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2498", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2498", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2663.json b/2011/2xxx/CVE-2011-2663.json index 73bf6de1e8f..dd8de5c952b 100644 --- a/2011/2xxx/CVE-2011-2663.json +++ b/2011/2xxx/CVE-2011-2663.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110926 Novell GroupWise iCal RRULE Time Conversion Invalid Array Indexing Vulnerability", - "refsource" : "IDEFENSE", - "url" : "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=945" - }, - { - "name" : "20110928 iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519875/100/0/threaded" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7009216", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7009216" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=705917", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=705917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7009216", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7009216" + }, + { + "name": "20110928 iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519875/100/0/threaded" + }, + { + "name": "20110926 Novell GroupWise iCal RRULE Time Conversion Invalid Array Indexing Vulnerability", + "refsource": "IDEFENSE", + "url": "https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=945" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=705917", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=705917" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2799.json b/2011/2xxx/CVE-2011-2799.json index b73fd9df869..26acf464227 100644 --- a/2011/2xxx/CVE-2011-2799.json +++ b/2011/2xxx/CVE-2011-2799.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=87925", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=87925" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "74250", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74250" - }, - { - "name" : "oval:org.mitre.oval:def:14617", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14617" - }, - { - "name" : "google-chrome-html-range-ce(68961)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=87925", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=87925" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "74250", + "refsource": "OSVDB", + "url": "http://osvdb.org/74250" + }, + { + "name": "google-chrome-html-range-ce(68961)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68961" + }, + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + }, + { + "name": "oval:org.mitre.oval:def:14617", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14617" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3166.json b/2011/3xxx/CVE-2011-3166.json index 98ae029dd9d..d778a7c0e01 100644 --- a/2011/3xxx/CVE-2011-3166.json +++ b/2011/3xxx/CVE-2011-3166.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-3166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02712", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132017799623289&w=2" - }, - { - "name" : "SSRT100649", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132017799623289&w=2" - }, - { - "name" : "1026260", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026260" - }, - { - "name" : "8484", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026260", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026260" + }, + { + "name": "HPSBMU02712", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132017799623289&w=2" + }, + { + "name": "8484", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8484" + }, + { + "name": "SSRT100649", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132017799623289&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3488.json b/2011/3xxx/CVE-2011-3488.json index 119856eec33..929a3ba2374 100644 --- a/2011/3xxx/CVE-2011-3488.json +++ b/2011/3xxx/CVE-2011-3488.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/metastock_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/metastock_1-adv.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/metastock_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/metastock_1-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3517.json b/2011/3xxx/CVE-2011-3517.json index 902d23602b4..31ab22e1add 100644 --- a/2011/3xxx/CVE-2011-3517.json +++ b/2011/3xxx/CVE-2011-3517.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 8.0 allows remote attackers to affect availability via unknown vectors related to Authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "RHSA-2012:1232", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1232.html" - }, - { - "name" : "50208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50208" - }, - { - "name" : "76459", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76459" - }, - { - "name" : "46527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46527" - }, - { - "name" : "50084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50084" - }, - { - "name" : "orasun-opensso-authen-unspecified-var1(70793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 8.0 allows remote attackers to affect availability via unknown vectors related to Authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46527" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "50084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50084" + }, + { + "name": "orasun-opensso-authen-unspecified-var1(70793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70793" + }, + { + "name": "76459", + "refsource": "OSVDB", + "url": "http://osvdb.org/76459" + }, + { + "name": "RHSA-2012:1232", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" + }, + { + "name": "50208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50208" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3586.json b/2011/3xxx/CVE-2011-3586.json index 048987655ec..2fd00976294 100644 --- a/2011/3xxx/CVE-2011-3586.json +++ b/2011/3xxx/CVE-2011-3586.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3586", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3586", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3704.json b/2011/3xxx/CVE-2011-3704.json index 21052482b2f..1ca8197dc10 100644 --- a/2011/3xxx/CVE-2011-3704.json +++ b/2011/3xxx/CVE-2011-3704.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/appRain-d-0.1.0", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/appRain-d-0.1.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/appRain-d-0.1.0", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/appRain-d-0.1.0" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4628.json b/2011/4xxx/CVE-2011-4628.json index 5ad9bb0d384..2d40aceaad1 100644 --- a/2011/4xxx/CVE-2011-4628.json +++ b/2011/4xxx/CVE-2011-4628.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4628", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4628", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4731.json b/2011/4xxx/CVE-2011-4731.json index 045ed3235a8..548fdabafac 100644 --- a/2011/4xxx/CVE-2011-4731.json +++ b/2011/4xxx/CVE-2011-4731.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4816.json b/2011/4xxx/CVE-2011-4816.json index a75152d64f6..dca3145db16 100644 --- a/2011/4xxx/CVE-2011-4816.json +++ b/2011/4xxx/CVE-2011-4816.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2011-4816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21584666", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21584666" - }, - { - "name" : "IV09194", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" - }, - { - "name" : "52333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52333" - }, - { - "name" : "48299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48299" - }, - { - "name" : "48305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48305" - }, - { - "name" : "maximo-kpi-sql-injection(72001)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "maximo-kpi-sql-injection(72001)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" + }, + { + "name": "48299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48299" + }, + { + "name": "48305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48305" + }, + { + "name": "52333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52333" + }, + { + "name": "IV09194", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0002.json b/2013/0xxx/CVE-2013-0002.json index 92264d661e7..567614b4858 100644 --- a/2013/0xxx/CVE-2013-0002.json +++ b/2013/0xxx/CVE-2013-0002.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka \"WinForms Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-004", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004" - }, - { - "name" : "TA13-008A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-008A.html" - }, - { - "name" : "oval:org.mitre.oval:def:16343", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka \"WinForms Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-008A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html" + }, + { + "name": "MS13-004", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004" + }, + { + "name": "oval:org.mitre.oval:def:16343", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16343" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0084.json b/2013/0xxx/CVE-2013-0084.json index 117b684cf4f..9e9df62f1d7 100644 --- a/2013/0xxx/CVE-2013-0084.json +++ b/2013/0xxx/CVE-2013-0084.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"SharePoint Directory Traversal Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-024", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024" - }, - { - "name" : "TA13-071A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A" - }, - { - "name" : "oval:org.mitre.oval:def:16445", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"SharePoint Directory Traversal Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-024", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024" + }, + { + "name": "TA13-071A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A" + }, + { + "name": "oval:org.mitre.oval:def:16445", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0170.json b/2013/0xxx/CVE-2013-0170.json index eb87abc7927..456b43b6440 100644 --- a/2013/0xxx/CVE-2013-0170.json +++ b/2013/0xxx/CVE-2013-0170.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720", - "refsource" : "CONFIRM", - "url" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720" - }, - { - "name" : "http://libvirt.org/news.html", - "refsource" : "CONFIRM", - "url" : "http://libvirt.org/news.html" - }, - { - "name" : "http://wiki.libvirt.org/page/Maintenance_Releases", - "refsource" : "CONFIRM", - "url" : "http://wiki.libvirt.org/page/Maintenance_Releases" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=893450", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=893450" - }, - { - "name" : "FEDORA-2013-1626", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html" - }, - { - "name" : "FEDORA-2013-1642", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html" - }, - { - "name" : "FEDORA-2013-1644", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html" - }, - { - "name" : "RHSA-2013:0199", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0199.html" - }, - { - "name" : "SUSE-SU-2013:0320", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html" - }, - { - "name" : "openSUSE-SU-2013:0274", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html" - }, - { - "name" : "openSUSE-SU-2013:0275", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html" - }, - { - "name" : "USN-1708-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1708-1" - }, - { - "name" : "57578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57578" - }, - { - "name" : "89644", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89644" - }, - { - "name" : "1028047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028047" - }, - { - "name" : "52001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52001" - }, - { - "name" : "52003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52003" - }, - { - "name" : "libvirt-virnetmessagefree-code-exec(81552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2013-1626", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html" + }, + { + "name": "openSUSE-SU-2013:0275", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html" + }, + { + "name": "89644", + "refsource": "OSVDB", + "url": "http://osvdb.org/89644" + }, + { + "name": "http://libvirt.org/news.html", + "refsource": "CONFIRM", + "url": "http://libvirt.org/news.html" + }, + { + "name": "libvirt-virnetmessagefree-code-exec(81552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81552" + }, + { + "name": "openSUSE-SU-2013:0274", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html" + }, + { + "name": "SUSE-SU-2013:0320", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html" + }, + { + "name": "FEDORA-2013-1644", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html" + }, + { + "name": "http://wiki.libvirt.org/page/Maintenance_Releases", + "refsource": "CONFIRM", + "url": "http://wiki.libvirt.org/page/Maintenance_Releases" + }, + { + "name": "1028047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028047" + }, + { + "name": "USN-1708-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1708-1" + }, + { + "name": "FEDORA-2013-1642", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html" + }, + { + "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720", + "refsource": "CONFIRM", + "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720" + }, + { + "name": "52001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52001" + }, + { + "name": "RHSA-2013:0199", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0199.html" + }, + { + "name": "57578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57578" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=893450", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893450" + }, + { + "name": "52003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52003" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0503.json b/2013/0xxx/CVE-2013-0503.json index 2a39985ad89..e2c7930000e 100644 --- a/2013/0xxx/CVE-2013-0503.json +++ b/2013/0xxx/CVE-2013-0503.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21634538", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21634538" - }, - { - "name" : "LO74182", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO74182" - }, - { - "name" : "lotus-connections-reflected-xss(82265)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-connections-reflected-xss(82265)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82265" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21634538", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21634538" + }, + { + "name": "LO74182", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO74182" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1044.json b/2013/1xxx/CVE-2013-1044.json index 6f9db37630b..c99cb5d5e5f 100644 --- a/2013/1xxx/CVE-2013-1044.json +++ b/2013/1xxx/CVE-2013-1044.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-1044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "http://support.apple.com/kb/HT6001", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6001" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "APPLE-SA-2013-10-22-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" - }, - { - "name" : "APPLE-SA-2013-10-22-8", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" - }, - { - "name" : "1029054", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029054" - }, - { - "name" : "54886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-10-22-8", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" + }, + { + "name": "1029054", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029054" + }, + { + "name": "http://support.apple.com/kb/HT6001", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6001" + }, + { + "name": "APPLE-SA-2013-10-22-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" + }, + { + "name": "54886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54886" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1682.json b/2013/1xxx/CVE-2013-1682.json index 7151240364e..aeb9858eb4f 100644 --- a/2013/1xxx/CVE-2013-1682.json +++ b/2013/1xxx/CVE-2013-1682.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-49.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-49.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=830389", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=830389" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=840098", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=840098" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=862309", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=862309" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=867482", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=867482" - }, - { - "name" : "DSA-2716", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2716" - }, - { - "name" : "DSA-2720", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2720" - }, - { - "name" : "RHSA-2013:0981", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0981.html" - }, - { - "name" : "RHSA-2013:0982", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0982.html" - }, - { - "name" : "SUSE-SU-2013:1152", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html" - }, - { - "name" : "SUSE-SU-2013:1153", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html" - }, - { - "name" : "openSUSE-SU-2013:1140", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:1141", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html" - }, - { - "name" : "openSUSE-SU-2013:1142", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:1143", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html" - }, - { - "name" : "USN-1890-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1890-1" - }, - { - "name" : "USN-1891-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1891-1" - }, - { - "name" : "60765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60765" - }, - { - "name" : "oval:org.mitre.oval:def:17392", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=840098", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=840098" + }, + { + "name": "USN-1890-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1890-1" + }, + { + "name": "RHSA-2013:0982", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html" + }, + { + "name": "SUSE-SU-2013:1153", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html" + }, + { + "name": "SUSE-SU-2013:1152", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-49.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-49.html" + }, + { + "name": "RHSA-2013:0981", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html" + }, + { + "name": "USN-1891-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1891-1" + }, + { + "name": "openSUSE-SU-2013:1141", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html" + }, + { + "name": "DSA-2716", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2716" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=830389", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=830389" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=862309", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=862309" + }, + { + "name": "openSUSE-SU-2013:1142", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" + }, + { + "name": "openSUSE-SU-2013:1140", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" + }, + { + "name": "DSA-2720", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2720" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=867482", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=867482" + }, + { + "name": "oval:org.mitre.oval:def:17392", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17392" + }, + { + "name": "60765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60765" + }, + { + "name": "openSUSE-SU-2013:1143", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1763.json b/2013/1xxx/CVE-2013-1763.json index b19919f9ea7..43784713ade 100644 --- a/2013/1xxx/CVE-2013-1763.json +++ b/2013/1xxx/CVE-2013-1763.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24555", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24555" - }, - { - "name" : "24746", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24746" - }, - { - "name" : "33336", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33336" - }, - { - "name" : "[oss-security] 20130224 Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/24/3" - }, - { - "name" : "[oss-security] 20130225 Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/02/25/12" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=915052", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=915052" - }, - { - "name" : "https://github.com/torvalds/linux/commit/6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0" - }, - { - "name" : "MDVSA-2013:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" - }, - { - "name" : "openSUSE-SU-2013:0395", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html" - }, - { - "name" : "USN-1749-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1749-1" - }, - { - "name" : "USN-1750-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1750-1" - }, - { - "name" : "USN-1751-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1751-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=915052", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915052" + }, + { + "name": "https://github.com/torvalds/linux/commit/6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0" + }, + { + "name": "[oss-security] 20130225 Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/02/25/12" + }, + { + "name": "MDVSA-2013:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + }, + { + "name": "USN-1750-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1750-1" + }, + { + "name": "33336", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33336" + }, + { + "name": "[oss-security] 20130224 Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/24/3" + }, + { + "name": "openSUSE-SU-2013:0395", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html" + }, + { + "name": "24746", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24746" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.10" + }, + { + "name": "USN-1749-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1749-1" + }, + { + "name": "24555", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24555" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0" + }, + { + "name": "USN-1751-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1751-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1798.json b/2013/1xxx/CVE-2013-1798.json index cd934d7ff97..6281b7f9468 100644 --- a/2013/1xxx/CVE-2013-1798.json +++ b/2013/1xxx/CVE-2013-1798.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/20/9" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a2c118bfab8bc6b8bb213abfc35201e441693d55", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a2c118bfab8bc6b8bb213abfc35201e441693d55" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=917017", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=917017" - }, - { - "name" : "https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55" - }, - { - "name" : "MDVSA-2013:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" - }, - { - "name" : "RHSA-2013:0727", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0727.html" - }, - { - "name" : "RHSA-2013:0744", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0744.html" - }, - { - "name" : "RHSA-2013:0746", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0746.html" - }, - { - "name" : "RHSA-2013:0928", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0928.html" - }, - { - "name" : "RHSA-2013:1026", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1026.html" - }, - { - "name" : "openSUSE-SU-2013:0847", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html" - }, - { - "name" : "openSUSE-SU-2013:0925", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:1187", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" - }, - { - "name" : "USN-1809-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1809-1" - }, - { - "name" : "USN-1812-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1812-1" - }, - { - "name" : "USN-1813-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1813-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0847", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html" + }, + { + "name": "openSUSE-SU-2013:1187", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a2c118bfab8bc6b8bb213abfc35201e441693d55", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a2c118bfab8bc6b8bb213abfc35201e441693d55" + }, + { + "name": "https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55" + }, + { + "name": "USN-1812-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1812-1" + }, + { + "name": "MDVSA-2013:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + }, + { + "name": "RHSA-2013:0928", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html" + }, + { + "name": "USN-1809-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1809-1" + }, + { + "name": "RHSA-2013:0727", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0727.html" + }, + { + "name": "[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/20/9" + }, + { + "name": "RHSA-2013:0744", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html" + }, + { + "name": "RHSA-2013:0746", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0746.html" + }, + { + "name": "USN-1813-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1813-1" + }, + { + "name": "openSUSE-SU-2013:0925", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=917017", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917017" + }, + { + "name": "RHSA-2013:1026", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1927.json b/2013/1xxx/CVE-2013-1927.json index a4ad650ef20..2c2ceeae12d 100644 --- a/2013/1xxx/CVE-2013-1927.json +++ b/2013/1xxx/CVE-2013-1927.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!", - "refsource" : "MLIST", - "url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=884705", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=884705" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123", - "refsource" : "MISC", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8" - }, - { - "name" : "MDVSA-2013:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146" - }, - { - "name" : "RHSA-2013:0753", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0753.html" - }, - { - "name" : "openSUSE-SU-2013:0715", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html" - }, - { - "name" : "openSUSE-SU-2013:0735", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:0826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html" - }, - { - "name" : "SUSE-SU-2013:0851", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html" - }, - { - "name" : "openSUSE-SU-2013:0893", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html" - }, - { - "name" : "openSUSE-SU-2013:0897", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html" - }, - { - "name" : "openSUSE-SU-2013:0966", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html" - }, - { - "name" : "SUSE-SU-2013:1174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html" - }, - { - "name" : "USN-1804-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1804-1" - }, - { - "name" : "59286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59286" - }, - { - "name" : "92544", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92544" - }, - { - "name" : "53109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53109" - }, - { - "name" : "53117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53117" - }, - { - "name" : "icedtea-cve20131927-sec-bypass(83640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92544", + "refsource": "OSVDB", + "url": "http://osvdb.org/92544" + }, + { + "name": "SUSE-SU-2013:0851", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html" + }, + { + "name": "openSUSE-SU-2013:0897", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html" + }, + { + "name": "MDVSA-2013:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:146" + }, + { + "name": "SUSE-SU-2013:1174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html" + }, + { + "name": "53109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53109" + }, + { + "name": "openSUSE-SU-2013:0826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html" + }, + { + "name": "59286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59286" + }, + { + "name": "icedtea-cve20131927-sec-bypass(83640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83640" + }, + { + "name": "openSUSE-SU-2013:0735", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html" + }, + { + "name": "53117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53117" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/19f5282f53e8" + }, + { + "name": "RHSA-2013:0753", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0753.html" + }, + { + "name": "openSUSE-SU-2013:0966", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html" + }, + { + "name": "openSUSE-SU-2013:0893", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html" + }, + { + "name": "USN-1804-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1804-1" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123", + "refsource": "MISC", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123" + }, + { + "name": "openSUSE-SU-2013:0715", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=884705", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884705" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/cb58b31c450e" + }, + { + "name": "[distro-pkg-dev] 20130417 IcedTea-Web 1.3.2 and 1.2.3 released!", + "refsource": "MLIST", + "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1955.json b/2013/1xxx/CVE-2013-1955.json index 33e83ac8902..890e752a1ab 100644 --- a/2013/1xxx/CVE-2013-1955.json +++ b/2013/1xxx/CVE-2013-1955.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130416 Re: CVE for XSS in EasyPHPCalender script", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/16/6" - }, - { - "name" : "http://docs7.easyphpcalendar.com/source/ChangeLog/changeLog.htm", - "refsource" : "CONFIRM", - "url" : "http://docs7.easyphpcalendar.com/source/ChangeLog/changeLog.htm" - }, - { - "name" : "http://www.easyphpcalendar.com/forums/showthread.php?p=4555", - "refsource" : "CONFIRM", - "url" : "http://www.easyphpcalendar.com/forums/showthread.php?p=4555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs7.easyphpcalendar.com/source/ChangeLog/changeLog.htm", + "refsource": "CONFIRM", + "url": "http://docs7.easyphpcalendar.com/source/ChangeLog/changeLog.htm" + }, + { + "name": "[oss-security] 20130416 Re: CVE for XSS in EasyPHPCalender script", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/16/6" + }, + { + "name": "http://www.easyphpcalendar.com/forums/showthread.php?p=4555", + "refsource": "CONFIRM", + "url": "http://www.easyphpcalendar.com/forums/showthread.php?p=4555" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5421.json b/2013/5xxx/CVE-2013-5421.json index ad410707032..967885f25cc 100644 --- a/2013/5xxx/CVE-2013-5421.json +++ b/2013/5xxx/CVE-2013-5421.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660210", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660210" - }, - { - "name" : "ibm-sam-cve20135421-xss(87483)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sam-cve20135421-xss(87483)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87483" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660210", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660210" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5474.json b/2013/5xxx/CVE-2013-5474.json index 997d0b43dca..22e92f9a5ff 100644 --- a/2013/5xxx/CVE-2013-5474.json +++ b/2013/5xxx/CVE-2013-5474.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130925 Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ipv6vfr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130925 Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ipv6vfr" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5736.json b/2013/5xxx/CVE-2013-5736.json index 2eff71bdbdb..5a79eb5d851 100644 --- a/2013/5xxx/CVE-2013-5736.json +++ b/2013/5xxx/CVE-2013-5736.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5736", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5736", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2200.json b/2014/2xxx/CVE-2014-2200.json index a33d94d17ce..6f31f505e37 100644 --- a/2014/2xxx/CVE-2014-2200.json +++ b/2014/2xxx/CVE-2014-2200.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2326.json b/2014/2xxx/CVE-2014-2326.json index 5de5852fd94..72b52170736 100644 --- a/2014/2xxx/CVE-2014-2326.json +++ b/2014/2xxx/CVE-2014-2326.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531588" - }, - { - "name" : "http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html" - }, - { - "name" : "http://bugs.cacti.net/view.php?id=2431", - "refsource" : "CONFIRM", - "url" : "http://bugs.cacti.net/view.php?id=2431" - }, - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=7443", - "refsource" : "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=7443" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768" - }, - { - "name" : "DSA-2970", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2970" - }, - { - "name" : "FEDORA-2014-4892", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html" - }, - { - "name" : "FEDORA-2014-4928", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html" - }, - { - "name" : "GLSA-201509-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-03" - }, - { - "name" : "openSUSE-SU-2015:0479", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html" - }, - { - "name" : "66390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66390" - }, - { - "name" : "57647", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57647" - }, - { - "name" : "59203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=7443", + "refsource": "CONFIRM", + "url": "http://svn.cacti.net/viewvc?view=rev&revision=7443" + }, + { + "name": "FEDORA-2014-4928", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768" + }, + { + "name": "20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531588" + }, + { + "name": "59203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59203" + }, + { + "name": "http://bugs.cacti.net/view.php?id=2431", + "refsource": "CONFIRM", + "url": "http://bugs.cacti.net/view.php?id=2431" + }, + { + "name": "openSUSE-SU-2015:0479", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html" + }, + { + "name": "FEDORA-2014-4892", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html" + }, + { + "name": "66390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66390" + }, + { + "name": "57647", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57647" + }, + { + "name": "DSA-2970", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2970" + }, + { + "name": "http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html" + }, + { + "name": "GLSA-201509-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-03" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2679.json b/2014/2xxx/CVE-2014-2679.json index 91bc9ac885f..02d61d4e7a2 100644 --- a/2014/2xxx/CVE-2014-2679.json +++ b/2014/2xxx/CVE-2014-2679.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2679", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2679", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0413.json b/2017/0xxx/CVE-2017-0413.json index 923e5d06946..0039df7b1ad 100644 --- a/2017/0xxx/CVE-2017-0413.json +++ b/2017/0xxx/CVE-2017-0413.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96063" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "96063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96063" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0536.json b/2017/0xxx/CVE-2017-0536.json index c67096b6c99..505ad8b4095 100644 --- a/2017/0xxx/CVE-2017-0536.json +++ b/2017/0xxx/CVE-2017-0536.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96835", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96835" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96835", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96835" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0748.json b/2017/0xxx/CVE-2017-0748.json index eb789c8d9ac..0e9e2469a8b 100644 --- a/2017/0xxx/CVE-2017-0748.json +++ b/2017/0xxx/CVE-2017-0748.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-08-07T00:00:00", - "ID" : "CVE-2017-0748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-08-07T00:00:00", + "ID": "CVE-2017-0748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-08-01" - }, - { - "name" : "100210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-08-01" + }, + { + "name": "100210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100210" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0817.json b/2017/0xxx/CVE-2017-0817.json index d35fb47c4ba..c4b11a65843 100644 --- a/2017/0xxx/CVE-2017-0817.json +++ b/2017/0xxx/CVE-2017-0817.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-0817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-0817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/d834160d9759f1098df692b34e6eeb548f9e317b", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/d834160d9759f1098df692b34e6eeb548f9e317b" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" - }, - { - "name" : "101151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/d834160d9759f1098df692b34e6eeb548f9e317b", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/d834160d9759f1098df692b34e6eeb548f9e317b" + }, + { + "name": "101151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101151" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000005.json b/2017/1000xxx/CVE-2017-1000005.json index 262e1d706b0..030a681f759 100644 --- a/2017/1000xxx/CVE-2017-1000005.json +++ b/2017/1000xxx/CVE-2017-1000005.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.259310", - "ID" : "CVE-2017-1000005", - "REQUESTER" : "sajeeb.lohani@bulletproof.sh", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PHPMiniAdmin", - "version" : { - "version_data" : [ - { - "version_value" : "1.9.160630" - } - ] - } - } - ] - }, - "vendor_name" : "PHPMiniAdmin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.259310", + "ID": "CVE-2017-1000005", + "REQUESTER": "sajeeb.lohani@bulletproof.sh", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/osalabs/phpminiadmin", - "refsource" : "MISC", - "url" : "https://github.com/osalabs/phpminiadmin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/osalabs/phpminiadmin", + "refsource": "MISC", + "url": "https://github.com/osalabs/phpminiadmin" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12127.json b/2017/12xxx/CVE-2017-12127.json index 9533b67f063..67f0ca28566 100644 --- a/2017/12xxx/CVE-2017-12127.json +++ b/2017/12xxx/CVE-2017-12127.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-13T00:00:00", - "ID" : "CVE-2017-12127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa EDR-810 V4.1 build 17030317" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Plaintext storage of password" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-13T00:00:00", + "ID": "CVE-2017-12127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa", + "version": { + "version_data": [ + { + "version_value": "Moxa EDR-810 V4.1 build 17030317" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0479", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Plaintext storage of password" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0479", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0479" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16124.json b/2017/16xxx/CVE-2017-16124.json index ae0ad85f679..64afec01c7e 100644 --- a/2017/16xxx/CVE-2017-16124.json +++ b/2017/16xxx/CVE-2017-16124.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "node-server-forfront node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "node-server-forfront node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/node-server-forfront", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/node-server-forfront" - }, - { - "name" : "https://nodesecurity.io/advisories/382", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/382", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/382" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/node-server-forfront", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/node-server-forfront" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16150.json b/2017/16xxx/CVE-2017-16150.json index 4c2bb42ed96..10f298820ef 100644 --- a/2017/16xxx/CVE-2017-16150.json +++ b/2017/16xxx/CVE-2017-16150.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "wangguojing123 node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "wangguojing123 node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/wangguojing123", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/wangguojing123" - }, - { - "name" : "https://nodesecurity.io/advisories/374", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/wangguojing123", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/wangguojing123" + }, + { + "name": "https://nodesecurity.io/advisories/374", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/374" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16262.json b/2017/16xxx/CVE-2017-16262.json index fd0832adb6d..97c118f0a81 100644 --- a/2017/16xxx/CVE-2017-16262.json +++ b/2017/16xxx/CVE-2017-16262.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16262", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16262", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16479.json b/2017/16xxx/CVE-2017-16479.json index a9ec76cc52c..781f33f3aea 100644 --- a/2017/16xxx/CVE-2017-16479.json +++ b/2017/16xxx/CVE-2017-16479.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16479", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16479", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16538.json b/2017/16xxx/CVE-2017-16538.json index 1bb03f21a51..51d16fa72c0 100644 --- a/2017/16xxx/CVE-2017-16538.json +++ b/2017/16xxx/CVE-2017-16538.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ", - "refsource" : "MISC", - "url" : "https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ" - }, - { - "name" : "https://patchwork.linuxtv.org/patch/44566/", - "refsource" : "MISC", - "url" : "https://patchwork.linuxtv.org/patch/44566/" - }, - { - "name" : "https://patchwork.linuxtv.org/patch/44567/", - "refsource" : "MISC", - "url" : "https://patchwork.linuxtv.org/patch/44567/" - }, - { - "name" : "DSA-4073", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4073" - }, - { - "name" : "DSA-4082", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4082" - }, - { - "name" : "SUSE-SU-2018:0011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" - }, - { - "name" : "USN-3631-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3631-1/" - }, - { - "name" : "USN-3631-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3631-2/" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3631-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3631-2/" + }, + { + "name": "https://patchwork.linuxtv.org/patch/44566/", + "refsource": "MISC", + "url": "https://patchwork.linuxtv.org/patch/44566/" + }, + { + "name": "DSA-4082", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4082" + }, + { + "name": "USN-3631-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3631-1/" + }, + { + "name": "SUSE-SU-2018:0011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ", + "refsource": "MISC", + "url": "https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ" + }, + { + "name": "https://patchwork.linuxtv.org/patch/44567/", + "refsource": "MISC", + "url": "https://patchwork.linuxtv.org/patch/44567/" + }, + { + "name": "DSA-4073", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4073" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1276.json b/2017/1xxx/CVE-2017-1276.json index 7fd7a519c86..d54126e1ae3 100644 --- a/2017/1xxx/CVE-2017-1276.json +++ b/2017/1xxx/CVE-2017-1276.json @@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational DOORS Next Generation", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - }, - { - "product_name" : "Rational DOORS Next Generation ", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational DOORS Next Generation", + "version": { + "version_data": [ + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + }, + { + "product_name": "Rational DOORS Next Generation ", + "version": { + "version_data": [ + { + "version_value": "5.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124751", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124751" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22002809", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22002809" - }, - { - "name" : "99000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22002809", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22002809" + }, + { + "name": "99000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99000" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124751", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124751" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4381.json b/2017/4xxx/CVE-2017-4381.json index 79ff4f02f88..091ac727d15 100644 --- a/2017/4xxx/CVE-2017-4381.json +++ b/2017/4xxx/CVE-2017-4381.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4381", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4381", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4537.json b/2017/4xxx/CVE-2017-4537.json index 34981698c82..a736818685e 100644 --- a/2017/4xxx/CVE-2017-4537.json +++ b/2017/4xxx/CVE-2017-4537.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4537", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4537", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4755.json b/2017/4xxx/CVE-2017-4755.json index 7291179ff90..ca8729f3d9b 100644 --- a/2017/4xxx/CVE-2017-4755.json +++ b/2017/4xxx/CVE-2017-4755.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4755", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4755", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4881.json b/2017/4xxx/CVE-2017-4881.json index 2476ec00b9a..59f8f2a74aa 100644 --- a/2017/4xxx/CVE-2017-4881.json +++ b/2017/4xxx/CVE-2017-4881.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4881", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4881", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5108.json b/2018/5xxx/CVE-2018-5108.json index 51490a744cc..11298395f28 100644 --- a/2018/5xxx/CVE-2018-5108.json +++ b/2018/5xxx/CVE-2018-5108.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "58" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Manually entered blob URL can be accessed by subsequent private browsing tabs" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "58" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1421099", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1421099" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/" - }, - { - "name" : "USN-3544-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3544-1/" - }, - { - "name" : "102786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102786" - }, - { - "name" : "1040270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Manually entered blob URL can be accessed by subsequent private browsing tabs" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040270" + }, + { + "name": "USN-3544-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3544-1/" + }, + { + "name": "102786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102786" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1421099", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1421099" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5123.json b/2018/5xxx/CVE-2018-5123.json index f6867d8fbc2..f2d8df718f1 100644 --- a/2018/5xxx/CVE-2018-5123.json +++ b/2018/5xxx/CVE-2018-5123.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5123", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5123", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5577.json b/2018/5xxx/CVE-2018-5577.json index 65bc20ae53b..2a5433c4945 100644 --- a/2018/5xxx/CVE-2018-5577.json +++ b/2018/5xxx/CVE-2018-5577.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5577", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5577", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file