From a650c4c6a0a436b30c4f7a5f5d54823941a207a3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:05:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0415.json | 140 +++++++-------- 2001/0xxx/CVE-2001-0434.json | 130 +++++++------- 2001/0xxx/CVE-2001-0514.json | 140 +++++++-------- 2001/0xxx/CVE-2001-0665.json | 150 ++++++++-------- 2001/0xxx/CVE-2001-0756.json | 130 +++++++------- 2001/0xxx/CVE-2001-0948.json | 150 ++++++++-------- 2001/1xxx/CVE-2001-1252.json | 170 +++++++++--------- 2001/1xxx/CVE-2001-1363.json | 130 +++++++------- 2001/1xxx/CVE-2001-1520.json | 140 +++++++-------- 2006/2xxx/CVE-2006-2168.json | 150 ++++++++-------- 2006/2xxx/CVE-2006-2293.json | 170 +++++++++--------- 2006/2xxx/CVE-2006-2306.json | 160 ++++++++--------- 2006/6xxx/CVE-2006-6234.json | 150 ++++++++-------- 2006/6xxx/CVE-2006-6549.json | 140 +++++++-------- 2011/2xxx/CVE-2011-2042.json | 120 ++++++------- 2011/2xxx/CVE-2011-2494.json | 180 +++++++++---------- 2011/2xxx/CVE-2011-2610.json | 150 ++++++++-------- 2011/2xxx/CVE-2011-2907.json | 180 +++++++++---------- 2011/2xxx/CVE-2011-2967.json | 34 ++-- 2011/3xxx/CVE-2011-3027.json | 210 +++++++++++----------- 2011/3xxx/CVE-2011-3053.json | 280 ++++++++++++++--------------- 2011/3xxx/CVE-2011-3257.json | 150 ++++++++-------- 2011/3xxx/CVE-2011-3274.json | 130 +++++++------- 2011/3xxx/CVE-2011-3919.json | 260 +++++++++++++-------------- 2011/4xxx/CVE-2011-4233.json | 34 ++-- 2011/4xxx/CVE-2011-4443.json | 34 ++-- 2013/0xxx/CVE-2013-0292.json | 270 ++++++++++++++-------------- 2013/1xxx/CVE-2013-1317.json | 140 +++++++-------- 2013/1xxx/CVE-2013-1336.json | 140 +++++++-------- 2013/1xxx/CVE-2013-1687.json | 280 ++++++++++++++--------------- 2013/5xxx/CVE-2013-5048.json | 120 ++++++------- 2013/5xxx/CVE-2013-5051.json | 120 ++++++------- 2013/5xxx/CVE-2013-5131.json | 160 ++++++++--------- 2013/5xxx/CVE-2013-5881.json | 180 +++++++++---------- 2014/2xxx/CVE-2014-2937.json | 34 ++-- 2014/6xxx/CVE-2014-6509.json | 130 +++++++------- 2017/0xxx/CVE-2017-0374.json | 140 +++++++-------- 2017/0xxx/CVE-2017-0787.json | 132 +++++++------- 2017/0xxx/CVE-2017-0815.json | 190 ++++++++++---------- 2017/0xxx/CVE-2017-0893.json | 130 +++++++------- 2017/1000xxx/CVE-2017-1000038.json | 124 ++++++------- 2017/1000xxx/CVE-2017-1000050.json | 164 ++++++++--------- 2017/1000xxx/CVE-2017-1000098.json | 147 ++++++++------- 2017/12xxx/CVE-2017-12409.json | 34 ++-- 2017/16xxx/CVE-2017-16388.json | 140 +++++++-------- 2017/16xxx/CVE-2017-16682.json | 142 +++++++-------- 2017/16xxx/CVE-2017-16888.json | 34 ++-- 2017/1xxx/CVE-2017-1542.json | 34 ++-- 2017/1xxx/CVE-2017-1769.json | 152 ++++++++-------- 2017/4xxx/CVE-2017-4652.json | 34 ++-- 2017/4xxx/CVE-2017-4742.json | 34 ++-- 2017/4xxx/CVE-2017-4898.json | 140 +++++++-------- 2017/4xxx/CVE-2017-4926.json | 142 +++++++-------- 2018/5xxx/CVE-2018-5736.json | 150 ++++++++-------- 54 files changed, 3723 insertions(+), 3726 deletions(-) diff --git a/2001/0xxx/CVE-2001-0415.json b/2001/0xxx/CVE-2001-0415.json index 5daec4ce677..791e44249af 100644 --- a/2001/0xxx/CVE-2001-0415.json +++ b/2001/0xxx/CVE-2001-0415.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010320 Password stored in clear text vulnerability in real time stock trading program", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0275.html" - }, - { - "name" : "2495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2495" - }, - { - "name" : "rediplus-weak-security(6276)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2495" + }, + { + "name": "20010320 Password stored in clear text vulnerability in real time stock trading program", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0275.html" + }, + { + "name": "rediplus-weak-security(6276)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6276" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0434.json b/2001/0xxx/CVE-2001-0434.json index 404fa8dd305..4086a3fa905 100644 --- a/2001/0xxx/CVE-2001-0434.json +++ b/2001/0xxx/CVE-2001-0434.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SSRT0716", - "refsource" : "COMPAQ", - "url" : "http://ftp.support.compaq.com/patches/.new/html/SSRT0716-01.shtml" - }, - { - "name" : "compaq-activex-dos(6355)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "compaq-activex-dos(6355)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6355" + }, + { + "name": "SSRT0716", + "refsource": "COMPAQ", + "url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0716-01.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0514.json b/2001/0xxx/CVE-2001-0514.json index ea8a243627d..4cbec1491a0 100644 --- a/2001/0xxx/CVE-2001-0514.json +++ b/2001/0xxx/CVE-2001-0514.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/advise83.php" - }, - { - "name" : "atmel-vnetb-ap-snmp-security(6576)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6576" - }, - { - "name" : "2896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/advise83.php" + }, + { + "name": "2896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2896" + }, + { + "name": "atmel-vnetb-ap-snmp-security(6576)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6576" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0665.json b/2001/0xxx/CVE-2001-0665.json index 0f13422de1b..5fe1455f939 100644 --- a/2001/0xxx/CVE-2001-0665.json +++ b/2001/0xxx/CVE-2001-0665.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the \"HTTP Request Encoding vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051" - }, - { - "name" : "ie-url-http-requests(7259)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259" - }, - { - "name" : "3421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3421" - }, - { - "name" : "1972", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the \"HTTP Request Encoding vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3421" + }, + { + "name": "ie-url-http-requests(7259)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259" + }, + { + "name": "1972", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1972" + }, + { + "name": "MS01-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0756.json b/2001/0xxx/CVE-2001-0756.json index 63f057e5f0a..52e615c1f6c 100644 --- a/2001/0xxx/CVE-2001-0756.json +++ b/2001/0xxx/CVE-2001-0756.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010607 cgisecurity.com Advisory #5 ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0067.html" - }, - { - "name" : "20010611 re: Advisory #5 Corrections.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99237435902211&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010611 re: Advisory #5 Corrections.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99237435902211&w=2" + }, + { + "refsource": "BUGTRAQ", + "name": "20010607 cgisecurity.com Advisory #5", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0067.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0948.json b/2001/0xxx/CVE-2001-0948.json index e70d75a38b9..a2458c96a61 100644 --- a/2001/0xxx/CVE-2001-0948.json +++ b/2001/0xxx/CVE-2001-0948.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011204 NMRC Advisory - Multiple Valicert Problems ", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100749428517090&w=2" - }, - { - "name" : "http://www.valicert.com/support/security_advisory_eva.html", - "refsource" : "CONFIRM", - "url" : "http://www.valicert.com/support/security_advisory_eva.html" - }, - { - "name" : "eva-admin-script-injection(7650)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7650" - }, - { - "name" : "3619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20011204 NMRC Advisory - Multiple Valicert Problems", + "url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2" + }, + { + "name": "eva-admin-script-injection(7650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7650" + }, + { + "name": "http://www.valicert.com/support/security_advisory_eva.html", + "refsource": "CONFIRM", + "url": "http://www.valicert.com/support/security_advisory_eva.html" + }, + { + "name": "3619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3619" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1252.json b/2001/1xxx/CVE-2001-1252.json index 88ffb073f2b..2d00ac17754 100644 --- a/2001/1xxx/CVE-2001-1252.json +++ b/2001/1xxx/CVE-2001-1252.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010928 SNS-43: PGP Keyserver Permissions Misconfiguration", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0230.html" - }, - { - "name" : "http://www.pgp.com/support/product-advisories/keyserver.asp", - "refsource" : "CONFIRM", - "url" : "http://www.pgp.com/support/product-advisories/keyserver.asp" - }, - { - "name" : "pgp-keyserver-http-dos(7203)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7203.php" - }, - { - "name" : "3375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3375" - }, - { - "name" : "1955", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1955" - }, - { - "name" : "4193", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1955", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1955" + }, + { + "name": "20010928 SNS-43: PGP Keyserver Permissions Misconfiguration", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0230.html" + }, + { + "name": "http://www.pgp.com/support/product-advisories/keyserver.asp", + "refsource": "CONFIRM", + "url": "http://www.pgp.com/support/product-advisories/keyserver.asp" + }, + { + "name": "4193", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4193" + }, + { + "name": "pgp-keyserver-http-dos(7203)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7203.php" + }, + { + "name": "3375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3375" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1363.json b/2001/1xxx/CVE-2001-1363.json index 2b6e9f799aa..f76909fded1 100644 --- a/2001/1xxx/CVE-2001-1363.json +++ b/2001/1xxx/CVE-2001-1363.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phpwebsite.appstate.edu/downloads/0.7.9/phpWebSite-en-0.7.9.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://phpwebsite.appstate.edu/downloads/0.7.9/phpWebSite-en-0.7.9.tar.gz" - }, - { - "name" : "20010719 [VulnWatch] Changelog maddness (14 various broken apps)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010719 [VulnWatch] Changelog maddness (14 various broken apps)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html" + }, + { + "name": "http://phpwebsite.appstate.edu/downloads/0.7.9/phpWebSite-en-0.7.9.tar.gz", + "refsource": "CONFIRM", + "url": "http://phpwebsite.appstate.edu/downloads/0.7.9/phpWebSite-en-0.7.9.tar.gz" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1520.json b/2001/1xxx/CVE-2001-1520.json index f651650f879..922f0b6acee 100644 --- a/2001/1xxx/CVE-2001-1520.json +++ b/2001/1xxx/CVE-2001-1520.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011123 Xircom REX6000 PDA Password Retrieval", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-11/0187.html" - }, - { - "name" : "3574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3574" - }, - { - "name" : "rex6000-pda-password-retrieval(7584)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7584.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011123 Xircom REX6000 PDA Password Retrieval", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0187.html" + }, + { + "name": "3574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3574" + }, + { + "name": "rex6000-pda-password-retrieval(7584)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7584.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2168.json b/2006/2xxx/CVE-2006-2168.json index 5e47901935d..195710fe1fa 100644 --- a/2006/2xxx/CVE-2006-2168.json +++ b/2006/2xxx/CVE-2006-2168.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060502 FileProtection Express <= 1.0.1 authentification bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432728/100/0/threaded" - }, - { - "name" : "17786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17786" - }, - { - "name" : "835", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/835" - }, - { - "name" : "fileprotectionexpress-bypass-auth(26225)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "835", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/835" + }, + { + "name": "20060502 FileProtection Express <= 1.0.1 authentification bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432728/100/0/threaded" + }, + { + "name": "fileprotectionexpress-bypass-auth(26225)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26225" + }, + { + "name": "17786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17786" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2293.json b/2006/2xxx/CVE-2006-2293.json index d035be8d9af..e31ee749fcc 100644 --- a/2006/2xxx/CVE-2006-2293.json +++ b/2006/2xxx/CVE-2006-2293.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/multicalendars-3.0-sql-inj.txt", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/multicalendars-3.0-sql-inj.txt" - }, - { - "name" : "17903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17903" - }, - { - "name" : "ADV-2006-1750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1750" - }, - { - "name" : "25428", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25428" - }, - { - "name" : "20030", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20030" - }, - { - "name" : "multicalendars-allcalendars-sql-injection(26362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20030" + }, + { + "name": "25428", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25428" + }, + { + "name": "ADV-2006-1750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1750" + }, + { + "name": "17903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17903" + }, + { + "name": "multicalendars-allcalendars-sql-injection(26362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26362" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/multicalendars-3.0-sql-inj.txt", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/multicalendars-3.0-sql-inj.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2306.json b/2006/2xxx/CVE-2006-2306.json index 799b9c42d9d..8198229b945 100644 --- a/2006/2xxx/CVE-2006-2306.json +++ b/2006/2xxx/CVE-2006-2306.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17907" - }, - { - "name" : "ADV-2006-1751", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1751" - }, - { - "name" : "25330", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25330" - }, - { - "name" : "20006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20006" - }, - { - "name" : "epublisherpro-moreinfo-xss(26344)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1751", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1751" + }, + { + "name": "17907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17907" + }, + { + "name": "epublisherpro-moreinfo-xss(26344)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26344" + }, + { + "name": "25330", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25330" + }, + { + "name": "20006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20006" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6234.json b/2006/6xxx/CVE-2006-6234.json index d78e6e4c4a1..0c8b8dcf273 100644 --- a/2006/6xxx/CVE-2006-6234.json +++ b/2006/6xxx/CVE-2006-6234.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060617 Module's Name Content<<--V1.0 SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437835/100/200/threaded" - }, - { - "name" : "20061201 Old PHP-Nuke/PostNuke SQL injection issues - clarification", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-December/001157.html" - }, - { - "name" : "1953", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1953" - }, - { - "name" : "phpnuke-module-sqlinjection(27501)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060617 Module's Name Content<<--V1.0 SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437835/100/200/threaded" + }, + { + "name": "1953", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1953" + }, + { + "name": "20061201 Old PHP-Nuke/PostNuke SQL injection issues - clarification", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-December/001157.html" + }, + { + "name": "phpnuke-module-sqlinjection(27501)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6549.json b/2006/6xxx/CVE-2006-6549.json index 91ee9220689..dd0bd00be2d 100644 --- a/2006/6xxx/CVE-2006-6549.json +++ b/2006/6xxx/CVE-2006-6549.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as \"\" before use, and the nearby instructions say \"SET THE SAVE PATH by editing the line below.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061212 Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454175/100/0/threaded" - }, - { - "name" : "2034", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2034" - }, - { - "name" : "radupload-upload-file-include(30864)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as \"\" before use, and the nearby instructions say \"SET THE SAVE PATH by editing the line below.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "radupload-upload-file-include(30864)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30864" + }, + { + "name": "20061212 Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454175/100/0/threaded" + }, + { + "name": "2034", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2034" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2042.json b/2011/2xxx/CVE-2011-2042.json index de87cc623f1..16d65336636 100644 --- a/2011/2xxx/CVE-2011-2042.json +++ b/2011/2xxx/CVE-2011-2042.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2494.json b/2011/2xxx/CVE-2011-2494.json index 0e3de36cf94..f139263b5c7 100644 --- a/2011/2xxx/CVE-2011-2494.json +++ b/2011/2xxx/CVE-2011-2494.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: kernel: taskstats/procfs io infoleak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a51410abe7d0ee4b1d112780f46df87d3621043", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a51410abe7d0ee4b1d112780f46df87d3621043" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=716842", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=716842" - }, - { - "name" : "https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043" - }, - { - "name" : "SUSE-SU-2012:0554", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" - }, - { - "name" : "48898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: kernel: taskstats/procfs io infoleak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/1" + }, + { + "name": "SUSE-SU-2012:0554", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" + }, + { + "name": "48898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48898" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a51410abe7d0ee4b1d112780f46df87d3621043", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a51410abe7d0ee4b1d112780f46df87d3621043" + }, + { + "name": "https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=716842", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=716842" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2610.json b/2011/2xxx/CVE-2011-2610.json index db27ec4ca4c..7aabfdd2580 100644 --- a/2011/2xxx/CVE-2011-2610.json +++ b/2011/2xxx/CVE-2011-2610.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a \"moderately severe issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1150/" - }, - { - "name" : "48568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a \"moderately severe issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1150/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1150/" + }, + { + "name": "48568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48568" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1150/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2907.json b/2011/2xxx/CVE-2011-2907.json index 4f7db19c46e..cfeabaaaa69 100644 --- a/2011/2xxx/CVE-2011-2907.json +++ b/2011/2xxx/CVE-2011-2907.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110810 CVE-2011-2907: authentication bypass in torque", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/11/1" - }, - { - "name" : "[torqueusers] 20110809 TORQUE authorization security vulnerability", - "refsource" : "MLIST", - "url" : "http://www.clusterresources.com/pipermail/torqueusers/2011-August/013194.html" - }, - { - "name" : "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296", - "refsource" : "MISC", - "url" : "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=713090", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=713090" - }, - { - "name" : "49119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49119" - }, - { - "name" : "45524", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45524" - }, - { - "name" : "torque-resource-manager-pbsohost-sec-bypass(69138)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=713090", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713090" + }, + { + "name": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296", + "refsource": "MISC", + "url": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296" + }, + { + "name": "[torqueusers] 20110809 TORQUE authorization security vulnerability", + "refsource": "MLIST", + "url": "http://www.clusterresources.com/pipermail/torqueusers/2011-August/013194.html" + }, + { + "name": "49119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49119" + }, + { + "name": "45524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45524" + }, + { + "name": "torque-resource-manager-pbsohost-sec-bypass(69138)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69138" + }, + { + "name": "[oss-security] 20110810 CVE-2011-2907: authentication bypass in torque", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/11/1" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2967.json b/2011/2xxx/CVE-2011-2967.json index 4e6f7b519ed..621951de31d 100644 --- a/2011/2xxx/CVE-2011-2967.json +++ b/2011/2xxx/CVE-2011-2967.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2967", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-2967", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3027.json b/2011/3xxx/CVE-2011-3027.json index 8ff40ba5621..f1fcead270e 100644 --- a/2011/3xxx/CVE-2011-3027.json +++ b/2011/3xxx/CVE-2011-3027.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=112847", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=112847" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:14955", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14955" - }, - { - "name" : "48016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "oval:org.mitre.oval:def:14955", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14955" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=112847", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=112847" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html" + }, + { + "name": "48016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48016" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3053.json b/2011/3xxx/CVE-2011-3053.json index b15cd111209..f03a02e9a87 100644 --- a/2011/3xxx/CVE-2011-3053.json +++ b/2011/3xxx/CVE-2011-3053.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=116746", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=116746" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "GLSA-201203-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml" - }, - { - "name" : "openSUSE-SU-2012:0466", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" - }, - { - "name" : "52674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52674" - }, - { - "name" : "80291", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80291" - }, - { - "name" : "oval:org.mitre.oval:def:14658", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14658" - }, - { - "name" : "1026841", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026841" - }, - { - "name" : "48512", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48512" - }, - { - "name" : "48527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48527" - }, - { - "name" : "chrome-block-splitting-code-exec(74213)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80291", + "refsource": "OSVDB", + "url": "http://osvdb.org/80291" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "chrome-block-splitting-code-exec(74213)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74213" + }, + { + "name": "48527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48527" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=116746", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=116746" + }, + { + "name": "openSUSE-SU-2012:0466", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "1026841", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026841" + }, + { + "name": "52674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52674" + }, + { + "name": "GLSA-201203-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-19.xml" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "oval:org.mitre.oval:def:14658", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14658" + }, + { + "name": "48512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48512" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3257.json b/2011/3xxx/CVE-2011-3257.json index bc20af96dc2..72003b36061 100644 --- a/2011/3xxx/CVE-2011-3257.json +++ b/2011/3xxx/CVE-2011-3257.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "76325", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76325" - }, - { - "name" : "appleios-data-access-info-disc(70553)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "appleios-data-access-info-disc(70553)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70553" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "76325", + "refsource": "OSVDB", + "url": "http://osvdb.org/76325" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3274.json b/2011/3xxx/CVE-2011-3274.json index 257b084f147..9c3898c71aa 100644 --- a/2011/3xxx/CVE-2011-3274.json +++ b/2011/3xxx/CVE-2011-3274.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCto07919." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-3274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24125", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24125" - }, - { - "name" : "20110928 Cisco IOS Software IPv6 over MPLS Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d52.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCto07919." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24125", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24125" + }, + { + "name": "20110928 Cisco IOS Software IPv6 over MPLS Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d52.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3919.json b/2011/3xxx/CVE-2011-3919.json index 3ac46bce285..be566c2c077 100644 --- a/2011/3xxx/CVE-2011-3919.json +++ b/2011/3xxx/CVE-2011-3919.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=107128", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=107128" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "DSA-2394", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2394" - }, - { - "name" : "MDVSA-2012:005", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:005" - }, - { - "name" : "RHSA-2013:0217", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0217.html" - }, - { - "name" : "SUSE-SU-2013:1627", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" - }, - { - "name" : "51300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51300" - }, - { - "name" : "oval:org.mitre.oval:def:14504", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14504" - }, - { - "name" : "1026487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026487" - }, - { - "name" : "47449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47449" - }, - { - "name" : "55568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51300" + }, + { + "name": "oval:org.mitre.oval:def:14504", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14504" + }, + { + "name": "SUSE-SU-2013:1627", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "RHSA-2013:0217", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=107128", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=107128" + }, + { + "name": "55568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55568" + }, + { + "name": "MDVSA-2012:005", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:005" + }, + { + "name": "1026487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026487" + }, + { + "name": "47449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47449" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + }, + { + "name": "DSA-2394", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2394" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4233.json b/2011/4xxx/CVE-2011-4233.json index 1e08874f4c8..e2676515421 100644 --- a/2011/4xxx/CVE-2011-4233.json +++ b/2011/4xxx/CVE-2011-4233.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4233", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4233", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4443.json b/2011/4xxx/CVE-2011-4443.json index 9c778f7437d..595314cc2d5 100644 --- a/2011/4xxx/CVE-2011-4443.json +++ b/2011/4xxx/CVE-2011-4443.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4443", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4443", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0292.json b/2013/0xxx/CVE-2013-0292.json index 58e51fcc8b4..536d85e1e72 100644 --- a/2013/0xxx/CVE-2013-0292.json +++ b/2013/0xxx/CVE-2013-0292.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33614", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33614" - }, - { - "name" : "[oss-security] 20130215 CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/15/10" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658", - "refsource" : "MISC", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658" - }, - { - "name" : "http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=60916", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=60916" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "MDVSA-2013:071", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:071" - }, - { - "name" : "RHSA-2013:0568", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0568.html" - }, - { - "name" : "USN-1753-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1753-1" - }, - { - "name" : "57985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57985" - }, - { - "name" : "90302", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90302" - }, - { - "name" : "52225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52225" - }, - { - "name" : "52375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52375" - }, - { - "name" : "52404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52404" - }, - { - "name" : "dbus-message-sender-priv-esc(82135)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "33614", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33614" + }, + { + "name": "MDVSA-2013:071", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:071" + }, + { + "name": "52225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52225" + }, + { + "name": "dbus-message-sender-priv-esc(82135)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82135" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658", + "refsource": "MISC", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658" + }, + { + "name": "52375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52375" + }, + { + "name": "USN-1753-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1753-1" + }, + { + "name": "RHSA-2013:0568", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0568.html" + }, + { + "name": "57985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57985" + }, + { + "name": "52404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52404" + }, + { + "name": "[oss-security] 20130215 CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/15/10" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "90302", + "refsource": "OSVDB", + "url": "http://osvdb.org/90302" + }, + { + "name": "http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca" + }, + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=60916", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=60916" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1317.json b/2013/1xxx/CVE-2013-1317.json index f0bd39640d9..bd50505667d 100644 --- a/2013/1xxx/CVE-2013-1317.json +++ b/2013/1xxx/CVE-2013-1317.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka \"Publisher Integer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042" - }, - { - "name" : "TA13-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" - }, - { - "name" : "oval:org.mitre.oval:def:16548", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka \"Publisher Integer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" + }, + { + "name": "oval:org.mitre.oval:def:16548", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16548" + }, + { + "name": "MS13-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1336.json b/2013/1xxx/CVE-2013-1336.json index 5294a1fa2c3..ea83664ed06 100644 --- a/2013/1xxx/CVE-2013-1336.json +++ b/2013/1xxx/CVE-2013-1336.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka \"XML Digital Signature Spoofing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-040", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040" - }, - { - "name" : "TA13-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" - }, - { - "name" : "oval:org.mitre.oval:def:16559", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka \"XML Digital Signature Spoofing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" + }, + { + "name": "MS13-040", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040" + }, + { + "name": "oval:org.mitre.oval:def:16559", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16559" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1687.json b/2013/1xxx/CVE-2013-1687.json index fe9e591edc3..35fd7664f2a 100644 --- a/2013/1xxx/CVE-2013-1687.json +++ b/2013/1xxx/CVE-2013-1687.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-51.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-51.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=863933", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=863933" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=866823", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=866823" - }, - { - "name" : "DSA-2716", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2716" - }, - { - "name" : "DSA-2720", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2720" - }, - { - "name" : "RHSA-2013:0981", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0981.html" - }, - { - "name" : "RHSA-2013:0982", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0982.html" - }, - { - "name" : "SUSE-SU-2013:1152", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html" - }, - { - "name" : "SUSE-SU-2013:1153", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html" - }, - { - "name" : "openSUSE-SU-2013:1140", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:1141", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html" - }, - { - "name" : "openSUSE-SU-2013:1142", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:1143", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html" - }, - { - "name" : "USN-1890-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1890-1" - }, - { - "name" : "USN-1891-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1891-1" - }, - { - "name" : "60777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60777" - }, - { - "name" : "oval:org.mitre.oval:def:17117", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17117", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17117" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=866823", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=866823" + }, + { + "name": "USN-1890-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1890-1" + }, + { + "name": "RHSA-2013:0982", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html" + }, + { + "name": "SUSE-SU-2013:1153", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-51.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-51.html" + }, + { + "name": "SUSE-SU-2013:1152", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html" + }, + { + "name": "RHSA-2013:0981", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html" + }, + { + "name": "USN-1891-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1891-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=863933", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=863933" + }, + { + "name": "openSUSE-SU-2013:1141", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html" + }, + { + "name": "DSA-2716", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2716" + }, + { + "name": "openSUSE-SU-2013:1142", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" + }, + { + "name": "openSUSE-SU-2013:1140", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" + }, + { + "name": "DSA-2720", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2720" + }, + { + "name": "60777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60777" + }, + { + "name": "openSUSE-SU-2013:1143", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5048.json b/2013/5xxx/CVE-2013-5048.json index 1a3a71e3336..a706991057f 100644 --- a/2013/5xxx/CVE-2013-5048.json +++ b/2013/5xxx/CVE-2013-5048.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-5047." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-5048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-097", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-5047." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-097", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5051.json b/2013/5xxx/CVE-2013-5051.json index 22ee996797d..60aea523be3 100644 --- a/2013/5xxx/CVE-2013-5051.json +++ b/2013/5xxx/CVE-2013-5051.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-5051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-097", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-097", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5131.json b/2013/5xxx/CVE-2013-5131.json index 626db15c557..9747ba0a816 100644 --- a/2013/5xxx/CVE-2013-5131.json +++ b/2013/5xxx/CVE-2013-5131.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-5131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "APPLE-SA-2013-10-22-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" - }, - { - "name" : "1029054", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029054" - }, - { - "name" : "54886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029054", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029054" + }, + { + "name": "APPLE-SA-2013-10-22-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" + }, + { + "name": "54886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54886" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5881.json b/2013/5xxx/CVE-2013-5881.json index 362d636b17e..0f501dc37cd 100644 --- a/2013/5xxx/CVE-2013-5881.json +++ b/2013/5xxx/CVE-2013-5881.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64885" - }, - { - "name" : "102066", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102066" - }, - { - "name" : "56491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56491" - }, - { - "name" : "oracle-cpujan2014-cve20135881(90377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56491" + }, + { + "name": "oracle-cpujan2014-cve20135881(90377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90377" + }, + { + "name": "64885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64885" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "102066", + "refsource": "OSVDB", + "url": "http://osvdb.org/102066" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2937.json b/2014/2xxx/CVE-2014-2937.json index 06dcc8f6404..db915b20b05 100644 --- a/2014/2xxx/CVE-2014-2937.json +++ b/2014/2xxx/CVE-2014-2937.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2937", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3220. Reason: This candidate is a reservation duplicate of CVE-2014-3220. Notes: All CVE users should reference CVE-2014-3220 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-2937", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3220. Reason: This candidate is a reservation duplicate of CVE-2014-3220. Notes: All CVE users should reference CVE-2014-3220 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6509.json b/2014/6xxx/CVE-2014-6509.json index 8a475682787..7b03a6cb9dd 100644 --- a/2014/6xxx/CVE-2014-6509.json +++ b/2014/6xxx/CVE-2014-6509.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031583", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031583", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031583" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0374.json b/2017/0xxx/CVE-2017-0374.json index f7958373c7e..c5f96111a4d 100644 --- a/2017/0xxx/CVE-2017-0374.json +++ b/2017/0xxx/CVE-2017-0374.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "ID" : "CVE-2017-0374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libconfig-model-perl", - "version" : { - "version_data" : [ - { - "version_value" : "libconfig-model-perl" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "untrusted include directory" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-0374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "libconfig-model-perl", + "version": { + "version_data": [ + { + "version_value": "libconfig-model-perl" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes", - "refsource" : "CONFIRM", - "url" : "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes" - }, - { - "name" : "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573", - "refsource" : "CONFIRM", - "url" : "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0374", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "untrusted include directory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes", + "refsource": "CONFIRM", + "url": "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2017-0374", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2017-0374" + }, + { + "name": "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573", + "refsource": "CONFIRM", + "url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0787.json b/2017/0xxx/CVE-2017-0787.json index 15c1823b7b4..6c516807789 100644 --- a/2017/0xxx/CVE-2017-0787.json +++ b/2017/0xxx/CVE-2017-0787.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100655" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0815.json b/2017/0xxx/CVE-2017-0815.json index 45a0090351a..0265b0a9382 100644 --- a/2017/0xxx/CVE-2017-0815.json +++ b/2017/0xxx/CVE-2017-0815.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-0815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-0815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-10-01" - }, - { - "name" : "101088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04" + }, + { + "name": "https://source.android.com/security/bulletin/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-10-01" + }, + { + "name": "101088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101088" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0893.json b/2017/0xxx/CVE-2017-0893.json index 0c23e4e0fc5..b9b276ca391 100644 --- a/2017/0xxx/CVE-2017-0893.json +++ b/2017/0xxx/CVE-2017-0893.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server", - "version" : { - "version_data" : [ - { - "version_value" : "before 9.0.58 and 10.0.5 and 11.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Nextcloud" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "before 9.0.58 and 10.0.5 and 11.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Nextcloud" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/222838", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/222838" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-010", - "refsource" : "CONFIRM", - "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-010", + "refsource": "CONFIRM", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-010" + }, + { + "name": "https://hackerone.com/reports/222838", + "refsource": "MISC", + "url": "https://hackerone.com/reports/222838" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000038.json b/2017/1000xxx/CVE-2017-1000038.json index 9615e53a19f..b432f769da5 100644 --- a/2017/1000xxx/CVE-2017-1000038.json +++ b/2017/1000xxx/CVE-2017-1000038.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.286752", - "ID" : "CVE-2017-1000038", - "REQUESTER" : "tom@dxw.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Relevanssi", - "version" : { - "version_data" : [ - { - "version_value" : "3.5.7.1" - } - ] - } - } - ] - }, - "vendor_name" : "Mikko Saari" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.286752", + "ID": "CVE-2017-1000038", + "REQUESTER": "tom@dxw.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.dxw.com/advisories/stored-xss-in-relevanssi-could-allow-an-unauthenticated-attacker-to-do-almost-anything-an-admin-can-do/", - "refsource" : "MISC", - "url" : "https://security.dxw.com/advisories/stored-xss-in-relevanssi-could-allow-an-unauthenticated-attacker-to-do-almost-anything-an-admin-can-do/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.dxw.com/advisories/stored-xss-in-relevanssi-could-allow-an-unauthenticated-attacker-to-do-almost-anything-an-admin-can-do/", + "refsource": "MISC", + "url": "https://security.dxw.com/advisories/stored-xss-in-relevanssi-could-allow-an-unauthenticated-attacker-to-do-almost-anything-an-admin-can-do/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000050.json b/2017/1000xxx/CVE-2017-1000050.json index b14525210db..726b8d107e2 100644 --- a/2017/1000xxx/CVE-2017-1000050.json +++ b/2017/1000xxx/CVE-2017-1000050.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.297805", - "ID" : "CVE-2017-1000050", - "REQUESTER" : "sasadeu1@umbc.edu", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "JasPer Image Processing/Coding Tool Kit", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.12" - } - ] - } - } - ] - }, - "vendor_name" : "JasPer" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Null Pointer Defererence (Failure to handle exceptional conditions)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.297805", + "ID": "CVE-2017-1000050", + "REQUESTER": "sasadeu1@umbc.edu", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170305 CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/06/1" - }, - { - "name" : "RHSA-2018:3253", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3253" - }, - { - "name" : "RHSA-2018:3505", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3505" - }, - { - "name" : "USN-3693-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3693-1/" - }, - { - "name" : "96595", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170305 CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/06/1" + }, + { + "name": "RHSA-2018:3253", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3253" + }, + { + "name": "RHSA-2018:3505", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3505" + }, + { + "name": "96595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96595" + }, + { + "name": "USN-3693-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3693-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000098.json b/2017/1000xxx/CVE-2017-1000098.json index 2680b347553..dc67234c86b 100644 --- a/2017/1000xxx/CVE-2017-1000098.json +++ b/2017/1000xxx/CVE-2017-1000098.json @@ -1,77 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-09", - "ID" : "CVE-2017-1000098", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Go", - "version" : { - "version_data" : [ - { - "version_value" : "1.6.3" - }, - { - "version_value" : "1.7.3" - } - ] - } - } - ] - }, - "vendor_name" : "Go" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given \"maxMemory\" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-09", + "ID": "CVE-2017-1000098", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://golang.org/cl/30410", - "refsource" : "CONFIRM", - "url" : "https://golang.org/cl/30410" - }, - { - "name" : "https://golang.org/issue/17965", - "refsource" : "CONFIRM", - "url" : "https://golang.org/issue/17965" - }, - { - "name" : "https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given \"maxMemory\" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ" + }, + { + "name": "https://golang.org/issue/17965", + "refsource": "CONFIRM", + "url": "https://golang.org/issue/17965" + }, + { + "name": "https://golang.org/cl/30410", + "refsource": "CONFIRM", + "url": "https://golang.org/cl/30410" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12409.json b/2017/12xxx/CVE-2017-12409.json index 42ff4fed958..36d27f7bf39 100644 --- a/2017/12xxx/CVE-2017-12409.json +++ b/2017/12xxx/CVE-2017-12409.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12409", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12409", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16388.json b/2017/16xxx/CVE-2017-16388.json index aad4d7c1c1f..60c5799ce8b 100644 --- a/2017/16xxx/CVE-2017-16388.json +++ b/2017/16xxx/CVE-2017-16388.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "101818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101818" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101818" + }, + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16682.json b/2017/16xxx/CVE-2017-16682.json index 97b91e4f209..62b8097a678 100644 --- a/2017/16xxx/CVE-2017-16682.json +++ b/2017/16xxx/CVE-2017-16682.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-16682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP NetWeaver Internet Transaction Server (ITS)", - "version" : { - "version_data" : [ - { - "version_value" : "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Code Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-16682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Internet Transaction Server (ITS)", + "version": { + "version_data": [ + { + "version_value": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2526781", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2526781" - }, - { - "name" : "102143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102143" + }, + { + "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2526781", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2526781" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16888.json b/2017/16xxx/CVE-2017-16888.json index f718a8f88e0..0cf1b7fc207 100644 --- a/2017/16xxx/CVE-2017-16888.json +++ b/2017/16xxx/CVE-2017-16888.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16888", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16888", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1542.json b/2017/1xxx/CVE-2017-1542.json index ee120c4064c..1a75b97c288 100644 --- a/2017/1xxx/CVE-2017-1542.json +++ b/2017/1xxx/CVE-2017-1542.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1542", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1542", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1769.json b/2017/1xxx/CVE-2017-1769.json index 20c66ec774e..759d5384788 100644 --- a/2017/1xxx/CVE-2017-1769.json +++ b/2017/1xxx/CVE-2017-1769.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-22T00:00:00", - "ID" : "CVE-2017-1769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Business Process Manager", - "version" : { - "version_data" : [ - { - "version_value" : "8.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-22T00:00:00", + "ID": "CVE-2017-1769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Process Manager", + "version": { + "version_data": [ + { + "version_value": "8.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136783", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136783" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22011579", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011579" - }, - { - "name" : "102777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102777" - }, - { - "name" : "1040298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040298" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136783", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136783" + }, + { + "name": "102777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102777" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22011579", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22011579" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4652.json b/2017/4xxx/CVE-2017-4652.json index 16a1e9f6b39..8ef692af931 100644 --- a/2017/4xxx/CVE-2017-4652.json +++ b/2017/4xxx/CVE-2017-4652.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4652", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4652", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4742.json b/2017/4xxx/CVE-2017-4742.json index 85c62a48692..e4eec5932bb 100644 --- a/2017/4xxx/CVE-2017-4742.json +++ b/2017/4xxx/CVE-2017-4742.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4742", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4742", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4898.json b/2017/4xxx/CVE-2017-4898.json index d3ced5b7535..646e666eb1b 100644 --- a/2017/4xxx/CVE-2017-4898.json +++ b/2017/4xxx/CVE-2017-4898.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "ID" : "CVE-2017-4898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Workstation Pro/Player", - "version" : { - "version_data" : [ - { - "version_value" : "12.x prior to version 12.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \"vmware-vmx\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DLL Hijack" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "ID": "CVE-2017-4898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Workstation Pro/Player", + "version": { + "version_data": [ + { + "version_value": "12.x prior to version 12.5.3" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2017-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2017-0003.html" - }, - { - "name" : "96772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96772" - }, - { - "name" : "1037979", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \"vmware-vmx\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL Hijack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html" + }, + { + "name": "96772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96772" + }, + { + "name": "1037979", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037979" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4926.json b/2017/4xxx/CVE-2017-4926.json index 579cce35ab9..0b2019a4fd5 100644 --- a/2017/4xxx/CVE-2017-4926.json +++ b/2017/4xxx/CVE-2017-4926.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2017-09-14T00:00:00", - "ID" : "CVE-2017-4926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "vCenter Server", - "version" : { - "version_data" : [ - { - "version_value" : "6.5 prior to 6.5 U1" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stored XSS" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2017-09-14T00:00:00", + "ID": "CVE-2017-4926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "vCenter Server", + "version": { + "version_data": [ + { + "version_value": "6.5 prior to 6.5 U1" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2017-0015.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2017-0015.html" - }, - { - "name" : "100844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100844" - }, - { - "name" : "1039364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039364" + }, + { + "name": "https://www.vmware.com/security/advisories/VMSA-2017-0015.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2017-0015.html" + }, + { + "name": "100844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100844" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5736.json b/2018/5xxx/CVE-2018-5736.json index c9a7151e1b9..ba436e1d21c 100644 --- a/2018/5xxx/CVE-2018-5736.json +++ b/2018/5xxx/CVE-2018-5736.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-officer@isc.org", - "ID" : "CVE-2018-5736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security-officer@isc.org", + "ID": "CVE-2018-5736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.isc.org/docs/aa-01602", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/docs/aa-01602" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180926-0004/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180926-0004/" - }, - { - "name" : "104386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104386" - }, - { - "name" : "1040941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104386" + }, + { + "name": "1040941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040941" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180926-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180926-0004/" + }, + { + "name": "https://kb.isc.org/docs/aa-01602", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/docs/aa-01602" + } + ] + } +} \ No newline at end of file