diff --git a/2001/1xxx/CVE-2001-1182.json b/2001/1xxx/CVE-2001-1182.json index acf8abe7abd..74df5e9126f 100644 --- a/2001/1xxx/CVE-2001-1182.json +++ b/2001/1xxx/CVE-2001-1182.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0107-160", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q3/0014.html" - }, - { - "name" : "oval:org.mitre.oval:def:5657", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5657", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5657" + }, + { + "name": "HPSBUX0107-160", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q3/0014.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1243.json b/2001/1xxx/CVE-2001-1243.json index 7f545e3d4bc..4ba0a6dc634 100644 --- a/2001/1xxx/CVE-2001-1243.json +++ b/2001/1xxx/CVE-2001-1243.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010704 NERF Advisory #4: MS IIS local and remote DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/194919" - }, - { - "name" : "2973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2973" - }, - { - "name" : "iis-device-asp-dos(6800)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6800.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "iis-device-asp-dos(6800)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6800.php" + }, + { + "name": "2973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2973" + }, + { + "name": "20010704 NERF Advisory #4: MS IIS local and remote DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/194919" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1480.json b/2001/1xxx/CVE-2001-1480.json index dc6785ee3ae..ab2f739490a 100644 --- a/2001/1xxx/CVE-2001-1480.json +++ b/2001/1xxx/CVE-2001-1480.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011017 Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2001/10/msg00120.html" - }, - { - "name" : "00208", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/208&type=0&nav=sec.sba" - }, - { - "name" : "HPSBUX0110-174", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/3617" - }, - { - "name" : "3441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3441" - }, - { - "name" : "jre-system-clipboard-access(7333)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jre-system-clipboard-access(7333)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7333" + }, + { + "name": "3441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3441" + }, + { + "name": "20011017 Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2001/10/msg00120.html" + }, + { + "name": "00208", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/208&type=0&nav=sec.sba" + }, + { + "name": "HPSBUX0110-174", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/3617" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1498.json b/2001/1xxx/CVE-2001-1498.json index d0132c78e8b..71125c8beec 100644 --- a/2001/1xxx/CVE-2001-1498.json +++ b/2001/1xxx/CVE-2001-1498.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary commands via a long script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugtraq.org/advisories/GOBBLES-15.txt", - "refsource" : "MISC", - "url" : "http://www.bugtraq.org/advisories/GOBBLES-15.txt" - }, - { - "name" : "brainf*ck-modbf-bo(7730)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7730" - }, - { - "name" : "3713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary commands via a long script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.bugtraq.org/advisories/GOBBLES-15.txt", + "refsource": "MISC", + "url": "http://www.bugtraq.org/advisories/GOBBLES-15.txt" + }, + { + "name": "3713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3713" + }, + { + "name": "brainf*ck-modbf-bo(7730)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7730" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2347.json b/2006/2xxx/CVE-2006-2347.json index f416be6e939..79e233f8a57 100644 --- a/2006/2xxx/CVE-2006-2347.json +++ b/2006/2xxx/CVE-2006-2347.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via \"'\" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060511 Several flaws in e-business designer (eBD)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433807/100/0/threaded" - }, - { - "name" : "20060511 Several flaws in e-business designer (eBD)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045980.html" - }, - { - "name" : "17933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17933" - }, - { - "name" : "ADV-2006-1784", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1784" - }, - { - "name" : "20071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20071" - }, - { - "name" : "891", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/891" - }, - { - "name" : "ebd-multiple-path-disclosure(26476)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via \"'\" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20071" + }, + { + "name": "891", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/891" + }, + { + "name": "20060511 Several flaws in e-business designer (eBD)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045980.html" + }, + { + "name": "20060511 Several flaws in e-business designer (eBD)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433807/100/0/threaded" + }, + { + "name": "17933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17933" + }, + { + "name": "ebd-multiple-path-disclosure(26476)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26476" + }, + { + "name": "ADV-2006-1784", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1784" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2366.json b/2006/2xxx/CVE-2006-2366.json index 9a89a06b504..b2dca2668e4 100644 --- a/2006/2xxx/CVE-2006-2366.json +++ b/2006/2xxx/CVE-2006-2366.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366484", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366484" - }, - { - "name" : "17921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17921" - }, - { - "name" : "20302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20302" - }, - { - "name" : "openobex-ircp-file-overwrite(26686)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366484", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366484" + }, + { + "name": "openobex-ircp-file-overwrite(26686)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26686" + }, + { + "name": "20302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20302" + }, + { + "name": "17921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17921" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2451.json b/2006/2xxx/CVE-2006-2451.json index 9226e4403b4..5ec4e5812fb 100644 --- a/2006/2xxx/CVE-2006-2451.json +++ b/2006/2xxx/CVE-2006-2451.json @@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060707 rPSA-2006-0122-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439483/100/100/threaded" - }, - { - "name" : "20060710 Re: rPSA-2006-0122-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439610/100/100/threaded" - }, - { - "name" : "20060714 Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440057/100/0/threaded" - }, - { - "name" : "20060713 Linux sys_prctl LKM based hotfix", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440118/100/0/threaded" - }, - { - "name" : "20060712 Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 )", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439869/100/0/threaded" - }, - { - "name" : "20060713 Re: [Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 )", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440117/100/0/threaded" - }, - { - "name" : "20060716 Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440379/100/0/threaded" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.24", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.24" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=0af184bb9f80edfbb94de46cb52e9592e5a547b0", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=0af184bb9f80edfbb94de46cb52e9592e5a547b0" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-488", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-488" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-162.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-162.htm" - }, - { - "name" : "RHSA-2006:0574", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0574.html" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195902", - "refsource" : "MISC", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195902" - }, - { - "name" : "SUSE-SR:2006:016", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_16_sr.html" - }, - { - "name" : "SUSE-SR:2006:017", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_17_sr.html" - }, - { - "name" : "SUSE-SA:2006:042", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_42_kernel.html" - }, - { - "name" : "SUSE-SA:2006:047", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_47_kernel.html" - }, - { - "name" : "SUSE-SA:2006:049", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_49_kernel.html" - }, - { - "name" : "USN-311-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-311-1" - }, - { - "name" : "18874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18874" - }, - { - "name" : "oval:org.mitre.oval:def:11336", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11336" - }, - { - "name" : "ADV-2006-2699", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2699" - }, - { - "name" : "27030", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27030" - }, - { - "name" : "1016451", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016451" - }, - { - "name" : "20953", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20953" - }, - { - "name" : "20965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20965" - }, - { - "name" : "20986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20986" - }, - { - "name" : "20991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20991" - }, - { - "name" : "21179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21179" - }, - { - "name" : "21966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21966" - }, - { - "name" : "20960", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20960" - }, - { - "name" : "21498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2006:0574", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0574.html" + }, + { + "name": "20060713 Re: [Full-disclosure] Re: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 )", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440117/100/0/threaded" + }, + { + "name": "SUSE-SR:2006:017", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" + }, + { + "name": "SUSE-SA:2006:042", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html" + }, + { + "name": "ADV-2006-2699", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2699" + }, + { + "name": "20060707 rPSA-2006-0122-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439483/100/100/threaded" + }, + { + "name": "20060716 Re: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440379/100/0/threaded" + }, + { + "name": "20060714 Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440057/100/0/threaded" + }, + { + "name": "20060710 Re: rPSA-2006-0122-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439610/100/100/threaded" + }, + { + "name": "SUSE-SA:2006:047", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_47_kernel.html" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=0af184bb9f80edfbb94de46cb52e9592e5a547b0", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=0af184bb9f80edfbb94de46cb52e9592e5a547b0" + }, + { + "name": "1016451", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016451" + }, + { + "name": "20965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20965" + }, + { + "name": "18874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18874" + }, + { + "name": "USN-311-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-311-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.24", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.24" + }, + { + "name": "27030", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27030" + }, + { + "name": "21966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21966" + }, + { + "name": "SUSE-SR:2006:016", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html" + }, + { + "name": "20953", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20953" + }, + { + "name": "21498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21498" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195902", + "refsource": "MISC", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195902" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4" + }, + { + "name": "SUSE-SA:2006:049", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_49_kernel.html" + }, + { + "name": "20986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20986" + }, + { + "name": "20991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20991" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-162.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-162.htm" + }, + { + "name": "20960", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20960" + }, + { + "name": "oval:org.mitre.oval:def:11336", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11336" + }, + { + "name": "20060712 Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 )", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439869/100/0/threaded" + }, + { + "name": "https://issues.rpath.com/browse/RPL-488", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-488" + }, + { + "name": "20060713 Linux sys_prctl LKM based hotfix", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440118/100/0/threaded" + }, + { + "name": "21179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21179" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6097.json b/2006/6xxx/CVE-2006-6097.json index ec483db4c47..357491968c0 100644 --- a/2006/6xxx/CVE-2006-6097.json +++ b/2006/6xxx/CVE-2006-6097.json @@ -1,272 +1,272 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061201 rPSA-2006-0222-1 tar", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453286/100/0/threaded" - }, - { - "name" : "20070330 VMSA-2007-0002 VMware ESX security updates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464268/100/0/threaded" - }, - { - "name" : "20061121 GNU tar directory traversal", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-821", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-821" - }, - { - "name" : "http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305214", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305214" - }, - { - "name" : "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" - }, - { - "name" : "DSA-1223", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1223" - }, - { - "name" : "FreeBSD-SA-06:26", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc" - }, - { - "name" : "GLSA-200612-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200612-10.xml" - }, - { - "name" : "MDKSA-2006:219", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:219" - }, - { - "name" : "OpenPKG-SA-2006.038", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html" - }, - { - "name" : "RHSA-2006:0749", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0749.html" - }, - { - "name" : "20061202-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" - }, - { - "name" : "SSA:2006-335-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379" - }, - { - "name" : "2006-0068", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0068/" - }, - { - "name" : "USN-385-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-385-1" - }, - { - "name" : "TA07-072A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" - }, - { - "name" : "21235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21235" - }, - { - "name" : "oval:org.mitre.oval:def:10963", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10963" - }, - { - "name" : "ADV-2006-4717", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4717" - }, - { - "name" : "ADV-2006-5102", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5102" - }, - { - "name" : "ADV-2007-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0930" - }, - { - "name" : "ADV-2007-1171", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1171" - }, - { - "name" : "1017423", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017423" - }, - { - "name" : "23115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23115" - }, - { - "name" : "23142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23142" - }, - { - "name" : "23117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23117" - }, - { - "name" : "23173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23173" - }, - { - "name" : "23163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23163" - }, - { - "name" : "23209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23209" - }, - { - "name" : "23146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23146" - }, - { - "name" : "23198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23198" - }, - { - "name" : "23314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23314" - }, - { - "name" : "23443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23443" - }, - { - "name" : "23514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23514" - }, - { - "name" : "23911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23911" - }, - { - "name" : "24479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24479" - }, - { - "name" : "24636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24636" - }, - { - "name" : "1918", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23117" + }, + { + "name": "oval:org.mitre.oval:def:10963", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10963" + }, + { + "name": "https://issues.rpath.com/browse/RPL-821", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-821" + }, + { + "name": "1918", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1918" + }, + { + "name": "TA07-072A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" + }, + { + "name": "21235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21235" + }, + { + "name": "23146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23146" + }, + { + "name": "20061121 GNU tar directory traversal", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html" + }, + { + "name": "http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "http://kb.vmware.com/KanisaPlatform/Publishing/817/2240267_f.SAL_Public.html" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" + }, + { + "name": "23209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23209" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305214", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305214" + }, + { + "name": "ADV-2006-5102", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5102" + }, + { + "name": "2006-0068", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0068/" + }, + { + "name": "23142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23142" + }, + { + "name": "23314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23314" + }, + { + "name": "ADV-2007-1171", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1171" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-015.htm" + }, + { + "name": "GLSA-200612-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200612-10.xml" + }, + { + "name": "23198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23198" + }, + { + "name": "23115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23115" + }, + { + "name": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html" + }, + { + "name": "20061201 rPSA-2006-0222-1 tar", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453286/100/0/threaded" + }, + { + "name": "23911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23911" + }, + { + "name": "20061202-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" + }, + { + "name": "USN-385-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-385-1" + }, + { + "name": "20070330 VMSA-2007-0002 VMware ESX security updates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464268/100/0/threaded" + }, + { + "name": "23173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23173" + }, + { + "name": "RHSA-2006:0749", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0749.html" + }, + { + "name": "FreeBSD-SA-06:26", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:26.gtar.asc" + }, + { + "name": "1017423", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017423" + }, + { + "name": "24636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24636" + }, + { + "name": "DSA-1223", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1223" + }, + { + "name": "ADV-2007-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0930" + }, + { + "name": "23443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23443" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216937" + }, + { + "name": "MDKSA-2006:219", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:219" + }, + { + "name": "OpenPKG-SA-2006.038", + "refsource": "OPENPKG", + "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html" + }, + { + "name": "ADV-2006-4717", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4717" + }, + { + "name": "23514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23514" + }, + { + "name": "SSA:2006-335-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.469379" + }, + { + "name": "24479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24479" + }, + { + "name": "23163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23163" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6248.json b/2006/6xxx/CVE-2006-6248.json index 126aa93c275..0aaeb92d7e5 100644 --- a/2006/6xxx/CVE-2006-6248.json +++ b/2006/6xxx/CVE-2006-6248.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061118 GPhotos 1.5 Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452025/100/200/threaded" - }, - { - "name" : "20061120 Re: GPhotos 1.5 Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452099/100/200/threaded" - }, - { - "name" : "1951", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1951" - }, - { - "name" : "gphotos-index-path-disclosure(30390)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gphotos-index-path-disclosure(30390)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30390" + }, + { + "name": "20061118 GPhotos 1.5 Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452025/100/200/threaded" + }, + { + "name": "20061120 Re: GPhotos 1.5 Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452099/100/200/threaded" + }, + { + "name": "1951", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1951" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6269.json b/2006/6xxx/CVE-2006-6269.json index c0170fef812..9fa4652e100 100644 --- a/2006/6xxx/CVE-2006-6269.json +++ b/2006/6xxx/CVE-2006-6269.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in meal_rest.asp, and (3) the resid parameter in res_details.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061117 Infinitytechs Restaurants CM", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451970/100/200/threaded" - }, - { - "name" : "1981", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in meal_rest.asp, and (3) the resid parameter in res_details.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1981", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1981" + }, + { + "name": "20061117 Infinitytechs Restaurants CM", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451970/100/200/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6621.json b/2006/6xxx/CVE-2006-6621.json index fa1b90b5a89..cb6cc5cdd60 100644 --- a/2006/6xxx/CVE-2006-6621.json +++ b/2006/6xxx/CVE-2006-6621.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061215 Bypassing process identification of several personal firewalls and HIPS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454522/100/0/threaded" - }, - { - "name" : "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip", - "refsource" : "MISC", - "url" : "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip" - }, - { - "name" : "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php", - "refsource" : "MISC", - "url" : "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php" - }, - { - "name" : "21615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php", + "refsource": "MISC", + "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php" + }, + { + "name": "20061215 Bypassing process identification of several personal firewalls and HIPS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded" + }, + { + "name": "21615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21615" + }, + { + "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip", + "refsource": "MISC", + "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0925.json b/2011/0xxx/CVE-2011-0925.json index 5c8ea247a83..633f0ab1752 100644 --- a/2011/0xxx/CVE-2011-0925.json +++ b/2011/0xxx/CVE-2011-0925.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 ZDI-11-092: (0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516648/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-092/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-092/" - }, - { - "name" : "46538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46538" - }, - { - "name" : "1025118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025118" - }, - { - "name" : "8108", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8108" - }, - { - "name" : "ADV-2011-0513", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0513" - }, - { - "name" : "cisco-secure-activex-code-execution(65754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0513", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0513" + }, + { + "name": "46538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46538" + }, + { + "name": "1025118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025118" + }, + { + "name": "20110223 ZDI-11-092: (0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516648/100/0/threaded" + }, + { + "name": "cisco-secure-activex-code-execution(65754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65754" + }, + { + "name": "8108", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8108" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-092/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-092/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2060.json b/2011/2xxx/CVE-2011-2060.json index 4560eec08b4..ffd1f99d4d9 100644 --- a/2011/2xxx/CVE-2011-2060.json +++ b/2011/2xxx/CVE-2011-2060.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description, which allows local users to cause a denial of service (reload without configuration) via a crafted description, aka Bug ID CSCtq50523." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description, which allows local users to cause a denial of service (reload without configuration) via a crafted description, aka Bug ID CSCtq50523." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2082.json b/2011/2xxx/CVE-2011-2082.json index 45351ed8235..92602c701a1 100644 --- a/2011/2xxx/CVE-2011-2082.json +++ b/2011/2xxx/CVE-2011-2082.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" - }, - { - "name" : "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" - }, - { - "name" : "[rt-announce] 20120522 Security vulnerabilities in RT", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" - }, - { - "name" : "53660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53660" - }, - { - "name" : "49259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" + }, + { + "name": "49259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49259" + }, + { + "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" + }, + { + "name": "[rt-announce] 20120522 Security vulnerabilities in RT", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" + }, + { + "name": "53660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53660" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2696.json b/2011/2xxx/CVE-2011-2696.json index a86ca4845e7..7f0df015629 100644 --- a/2011/2xxx/CVE-2011-2696.json +++ b/2011/2xxx/CVE-2011-2696.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110714 CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/14/1" - }, - { - "name" : "[oss-security] 20110714 Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/14/2" - }, - { - "name" : "[oss-security] 20110714 Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/14/3" - }, - { - "name" : "[oss-security] 20110714 Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/14/4" - }, - { - "name" : "[oss-security] 20110715 Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/15/1" - }, - { - "name" : "[oss-security] 20110715 Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/15/4" - }, - { - "name" : "[oss-security] 20110715 Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/15/3" - }, - { - "name" : "[oss-security] 20110718 Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/18/1" - }, - { - "name" : "http://www.securelist.com/en/advisories/45125", - "refsource" : "MISC", - "url" : "http://www.securelist.com/en/advisories/45125" - }, - { - "name" : "http://www.mega-nerd.com/libsndfile/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.mega-nerd.com/libsndfile/ChangeLog" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=375125", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=375125" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=721234", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=721234" - }, - { - "name" : "DSA-2288", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2288" - }, - { - "name" : "FEDORA-2011-9325", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062955.html" - }, - { - "name" : "MDVSA-2011:119", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:119" - }, - { - "name" : "RHSA-2011:1084", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1084.html" - }, - { - "name" : "openSUSE-SU-2011:0855", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/10387521" - }, - { - "name" : "USN-1174-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1174-1" - }, - { - "name" : "48644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48644" - }, - { - "name" : "45125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45125" - }, - { - "name" : "45351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45351" - }, - { - "name" : "45384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45384" - }, - { - "name" : "45388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45388" - }, - { - "name" : "45433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48644" + }, + { + "name": "RHSA-2011:1084", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1084.html" + }, + { + "name": "[oss-security] 20110715 Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/15/4" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=375125", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=375125" + }, + { + "name": "DSA-2288", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2288" + }, + { + "name": "FEDORA-2011-9325", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062955.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=721234", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=721234" + }, + { + "name": "45351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45351" + }, + { + "name": "[oss-security] 20110715 Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/15/3" + }, + { + "name": "[oss-security] 20110714 Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/14/3" + }, + { + "name": "[oss-security] 20110714 Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/14/2" + }, + { + "name": "http://www.mega-nerd.com/libsndfile/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.mega-nerd.com/libsndfile/ChangeLog" + }, + { + "name": "45125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45125" + }, + { + "name": "openSUSE-SU-2011:0855", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/10387521" + }, + { + "name": "45388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45388" + }, + { + "name": "[oss-security] 20110718 Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/18/1" + }, + { + "name": "MDVSA-2011:119", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:119" + }, + { + "name": "http://www.securelist.com/en/advisories/45125", + "refsource": "MISC", + "url": "http://www.securelist.com/en/advisories/45125" + }, + { + "name": "45384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45384" + }, + { + "name": "[oss-security] 20110714 CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/14/1" + }, + { + "name": "[oss-security] 20110714 Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/14/4" + }, + { + "name": "USN-1174-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1174-1" + }, + { + "name": "[oss-security] 20110715 Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/15/1" + }, + { + "name": "45433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45433" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2818.json b/2011/2xxx/CVE-2011-2818.json index 669325cb513..18c76f5a75d 100644 --- a/2011/2xxx/CVE-2011-2818.json +++ b/2011/2xxx/CVE-2011-2818.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=88889", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=88889" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "DSA-2307", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2307" - }, - { - "name" : "74255", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74255" - }, - { - "name" : "oval:org.mitre.oval:def:14674", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14674" - }, - { - "name" : "google-chrome-display-box-ce(68968)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" + }, + { + "name": "DSA-2307", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2307" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "74255", + "refsource": "OSVDB", + "url": "http://osvdb.org/74255" + }, + { + "name": "oval:org.mitre.oval:def:14674", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14674" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + }, + { + "name": "google-chrome-display-box-ce(68968)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68968" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=88889", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=88889" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3039.json b/2011/3xxx/CVE-2011-3039.json index e95b77e08ae..e3cd3c1d581 100644 --- a/2011/3xxx/CVE-2011-3039.json +++ b/2011/3xxx/CVE-2011-3039.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=113707", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=113707" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "GLSA-201203-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml" - }, - { - "name" : "openSUSE-SU-2012:0374", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" - }, - { - "name" : "52271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52271" - }, - { - "name" : "oval:org.mitre.oval:def:14904", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14904" - }, - { - "name" : "1026759", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026759" - }, - { - "name" : "48527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48527" - }, - { - "name" : "48419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48419" - }, - { - "name" : "48265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48265" - }, - { - "name" : "google-quote-code-execution(73650)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:14904", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14904" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "1026759", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026759" + }, + { + "name": "48527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48527" + }, + { + "name": "48265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48265" + }, + { + "name": "48419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48419" + }, + { + "name": "openSUSE-SU-2012:0374", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" + }, + { + "name": "google-quote-code-execution(73650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73650" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=113707", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=113707" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "52271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52271" + }, + { + "name": "GLSA-201203-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-19.xml" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3115.json b/2011/3xxx/CVE-2011-3115.json index 07c3098802b..6097b5f68f7 100644 --- a/2011/3xxx/CVE-2011-3115.json +++ b/2011/3xxx/CVE-2011-3115.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger \"type corruption.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=128018", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=128018" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html" - }, - { - "name" : "GLSA-201205-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201205-04.xml" - }, - { - "name" : "53679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53679" - }, - { - "name" : "oval:org.mitre.oval:def:15433", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15433" - }, - { - "name" : "1027098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027098" - }, - { - "name" : "49277", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49277" - }, - { - "name" : "49306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49306" - }, - { - "name" : "chrome-type-corruption-code-exec(75853)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger \"type corruption.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201205-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201205-04.xml" + }, + { + "name": "oval:org.mitre.oval:def:15433", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15433" + }, + { + "name": "53679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53679" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=128018", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=128018" + }, + { + "name": "1027098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027098" + }, + { + "name": "49306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49306" + }, + { + "name": "49277", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49277" + }, + { + "name": "chrome-type-corruption-code-exec(75853)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75853" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3510.json b/2011/3xxx/CVE-2011-3510.json index ff470305276..b3c1856be23 100644 --- a/2011/3xxx/CVE-2011-3510.json +++ b/2011/3xxx/CVE-2011-3510.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.3.0 and 11.1.1.5.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to BI Platform Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50213" - }, - { - "name" : "76487", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76487" - }, - { - "name" : "46517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46517" - }, - { - "name" : "ofm-biee-bips-unspecified(70788)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.3.0 and 11.1.1.5.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to BI Platform Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46517" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "ofm-biee-bips-unspecified(70788)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70788" + }, + { + "name": "76487", + "refsource": "OSVDB", + "url": "http://osvdb.org/76487" + }, + { + "name": "50213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50213" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3646.json b/2011/3xxx/CVE-2011-3646.json index 0690359d44f..e4b52165c53 100644 --- a/2011/3xxx/CVE-2011-3646.json +++ b/2011/3xxx/CVE-2011-3646.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php" - }, - { - "name" : "FEDORA-2011-15460", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069235.html" - }, - { - "name" : "FEDORA-2011-15469", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069237.html" - }, - { - "name" : "FEDORA-2011-15472", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069234.html" - }, - { - "name" : "MDVSA-2011:158", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:158" - }, - { - "name" : "46874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php" + }, + { + "name": "FEDORA-2011-15460", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069235.html" + }, + { + "name": "FEDORA-2011-15469", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069237.html" + }, + { + "name": "46874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46874" + }, + { + "name": "FEDORA-2011-15472", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069234.html" + }, + { + "name": "MDVSA-2011:158", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:158" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4095.json b/2011/4xxx/CVE-2011-4095.json index 77af8b463e2..ee794fb09cf 100644 --- a/2011/4xxx/CVE-2011-4095.json +++ b/2011/4xxx/CVE-2011-4095.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4095", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4095", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4111.json b/2011/4xxx/CVE-2011-4111.json index c0179674586..ba0d7e30b8b 100644 --- a/2011/4xxx/CVE-2011-4111.json +++ b/2011/4xxx/CVE-2011-4111.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.qemu.org/?p=qemu-stable-0.15.git;a=log", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu-stable-0.15.git;a=log" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=log;h=refs/heads/stable-1.0", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=log;h=refs/heads/stable-1.0" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=751310", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=751310" - }, - { - "name" : "RHSA-2011:1777", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1777.html" - }, - { - "name" : "RHSA-2011:1801", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1801.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=751310", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751310" + }, + { + "name": "http://git.qemu.org/?p=qemu-stable-0.15.git;a=log", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu-stable-0.15.git;a=log" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=log;h=refs/heads/stable-1.0", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=log;h=refs/heads/stable-1.0" + }, + { + "name": "RHSA-2011:1777", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1777.html" + }, + { + "name": "RHSA-2011:1801", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1801.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4374.json b/2011/4xxx/CVE-2011-4374.json index 677b3bee938..fff3f32d14d 100644 --- a/2011/4xxx/CVE-2011-4374.json +++ b/2011/4xxx/CVE-2011-4374.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-4374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html" - }, - { - "name" : "oval:org.mitre.oval:def:14812", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-24.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-24.html" + }, + { + "name": "oval:org.mitre.oval:def:14812", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14812" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4448.json b/2011/4xxx/CVE-2011-4448.json index 2d6c8003be7..665afeadd41 100644 --- a/2011/4xxx/CVE-2011-4448.json +++ b/2011/4xxx/CVE-2011-4448.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wush.net/trac/wikka/changeset/1820", - "refsource" : "CONFIRM", - "url" : "http://wush.net/trac/wikka/changeset/1820" - }, - { - "name" : "http://wush.net/trac/wikka/ticket/1097", - "refsource" : "CONFIRM", - "url" : "http://wush.net/trac/wikka/ticket/1097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wush.net/trac/wikka/changeset/1820", + "refsource": "CONFIRM", + "url": "http://wush.net/trac/wikka/changeset/1820" + }, + { + "name": "http://wush.net/trac/wikka/ticket/1097", + "refsource": "CONFIRM", + "url": "http://wush.net/trac/wikka/ticket/1097" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4827.json b/2011/4xxx/CVE-2011-4827.json index b0d427472ea..2ac3a498e17 100644 --- a/2011/4xxx/CVE-2011-4827.json +++ b/2011/4xxx/CVE-2011-4827.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) p parameter to redirect.php and (2) box parameter to includes/TrueColorPicker/index.php, which is not properly handled in includes/TrueColorPicker/class.TrueColorPicker.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.autosectools.com/Advisory/V-CMS-1.0-Reflected-Cross-site-Scripting-234", - "refsource" : "MISC", - "url" : "http://www.autosectools.com/Advisory/V-CMS-1.0-Reflected-Cross-site-Scripting-234" - }, - { - "name" : "50706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50706" - }, - { - "name" : "46861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) p parameter to redirect.php and (2) box parameter to includes/TrueColorPicker/index.php, which is not properly handled in includes/TrueColorPicker/class.TrueColorPicker.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50706" + }, + { + "name": "http://www.autosectools.com/Advisory/V-CMS-1.0-Reflected-Cross-site-Scripting-234", + "refsource": "MISC", + "url": "http://www.autosectools.com/Advisory/V-CMS-1.0-Reflected-Cross-site-Scripting-234" + }, + { + "name": "46861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46861" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4908.json b/2011/4xxx/CVE-2011-4908.json index 346fcd15031..dd218639ff8 100644 --- a/2011/4xxx/CVE-2011-4908.json +++ b/2011/4xxx/CVE-2011-4908.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4908", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4908", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1082.json b/2013/1xxx/CVE-2013-1082.json index d718a736000..b12da7e25f0 100644 --- a/2013/1xxx/CVE-2013-1082.json +++ b/2013/1xxx/CVE-2013-1082.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7011896", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7011896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/kb/doc.php?id=7011896", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7011896" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1148.json b/2013/1xxx/CVE-2013-1148.json index 031ef4a3998..b692e79734e 100644 --- a/2013/1xxx/CVE-2013-1148.json +++ b/2013/1xxx/CVE-2013-1148.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service (device reload) via crafted (1) IPv4 or (2) IPv6 IP SLA packets on UDP port 1167, aka Bug ID CSCuc72594." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130327 Cisco IOS Software IP Service Level Agreement Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ipsla" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service (device reload) via crafted (1) IPv4 or (2) IPv6 IP SLA packets on UDP port 1167, aka Bug ID CSCuc72594." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130327 Cisco IOS Software IP Service Level Agreement Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ipsla" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1176.json b/2013/1xxx/CVE-2013-1176.json index e04ea15fcf9..3bcc7745d8c 100644 --- a/2013/1xxx/CVE-2013-1176.json +++ b/2013/1xxx/CVE-2013-1176.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130417 Cisco TelePresence Infrastructure Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130417 Cisco TelePresence Infrastructure Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1452.json b/2013/1xxx/CVE-2013-1452.json index 39d89166d27..7a658af5045 100644 --- a/2013/1xxx/CVE-2013-1452.json +++ b/2013/1xxx/CVE-2013-1452.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1452", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1452", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5252.json b/2013/5xxx/CVE-2013-5252.json index cba0a6391e8..2de52c55991 100644 --- a/2013/5xxx/CVE-2013-5252.json +++ b/2013/5xxx/CVE-2013-5252.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5252", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5252", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5794.json b/2013/5xxx/CVE-2013-5794.json index 04631cdb87a..6c5f3fbedfe 100644 --- a/2013/5xxx/CVE-2013-5794.json +++ b/2013/5xxx/CVE-2013-5794.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal, a different vulnerability than CVE-2013-5841." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal, a different vulnerability than CVE-2013-5841." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5799.json b/2013/5xxx/CVE-2013-5799.json index d193dc4bbb5..dac9df98847 100644 --- a/2013/5xxx/CVE-2013-5799.json +++ b/2013/5xxx/CVE-2013-5799.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.2 allows remote attackers to affect integrity via unknown vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.2 allows remote attackers to affect integrity via unknown vectors related to Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5942.json b/2013/5xxx/CVE-2013-5942.json index 8859a329b64..5f9f0610092 100644 --- a/2013/5xxx/CVE-2013-5942.json +++ b/2013/5xxx/CVE-2013-5942.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst", - "refsource" : "CONFIRM", - "url" : "https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst" - }, - { - "name" : "54556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst", + "refsource": "CONFIRM", + "url": "https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst" + }, + { + "name": "54556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54556" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5955.json b/2013/5xxx/CVE-2013-5955.json index f6b794ec1a6..79c3e006c3d 100644 --- a/2013/5xxx/CVE-2013-5955.json +++ b/2013/5xxx/CVE-2013-5955.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140315 [CVE-2013-5955] Cross-site scripting Vulnerability in the Pbbooking 2.4", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Mar/269" - }, - { - "name" : "http://packetstormsecurity.com/files/125734", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125734" - }, - { - "name" : "66257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66257" - }, - { - "name" : "pbbooking-manage-xss(91823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/125734", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125734" + }, + { + "name": "pbbooking-manage-xss(91823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91823" + }, + { + "name": "66257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66257" + }, + { + "name": "20140315 [CVE-2013-5955] Cross-site scripting Vulnerability in the Pbbooking 2.4", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Mar/269" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2029.json b/2014/2xxx/CVE-2014-2029.json index 03b2ecf1c37..d96e9496885 100644 --- a/2014/2xxx/CVE-2014-2029.json +++ b/2014/2xxx/CVE-2014-2029.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140219 Re: CVE Request: Percona Toolkit automatic version check - remote code execution / information leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/19/14" - }, - { - "name" : "https://bugs.launchpad.net/percona-toolkit/+bug/1279502", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/percona-toolkit/+bug/1279502" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=864194", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=864194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=864194", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=864194" + }, + { + "name": "[oss-security] 20140219 Re: CVE Request: Percona Toolkit automatic version check - remote code execution / information leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/19/14" + }, + { + "name": "https://bugs.launchpad.net/percona-toolkit/+bug/1279502", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/percona-toolkit/+bug/1279502" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2132.json b/2014/2xxx/CVE-2014-2132.json index a05102432c9..07974580802 100644 --- a/2014/2xxx/CVE-2014-2132.json +++ b/2014/2xxx/CVE-2014-2132.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140507 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140507 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2404.json b/2014/2xxx/CVE-2014-2404.json index bfe16c37b7f..3ba17a4e997 100644 --- a/2014/2xxx/CVE-2014-2404.json +++ b/2014/2xxx/CVE-2014-2404.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "66862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66862" + }, + { + "name": "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2739.json b/2014/2xxx/CVE-2014-2739.json index b628d7f6794..401cf24248a 100644 --- a/2014/2xxx/CVE-2014-2739.json +++ b/2014/2xxx/CVE-2014-2739.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-2739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140410 Re: CVE request Linux kernel: IB/core: crash while resolving passive side RoCE L2 address in cma_req_handler", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/10/9" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b2853fd6c2d0f383dbdf7427e263eb576a633867", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b2853fd6c2d0f383dbdf7427e263eb576a633867" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1085415", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1085415" - }, - { - "name" : "https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867" - }, - { - "name" : "66716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140410 Re: CVE request Linux kernel: IB/core: crash while resolving passive side RoCE L2 address in cma_req_handler", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/10/9" + }, + { + "name": "https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b2853fd6c2d0f383dbdf7427e263eb576a633867", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b2853fd6c2d0f383dbdf7427e263eb576a633867" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1085415", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085415" + }, + { + "name": "66716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66716" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2852.json b/2014/2xxx/CVE-2014-2852.json index 81290e58aaf..019957d48d0 100644 --- a/2014/2xxx/CVE-2014-2852.json +++ b/2014/2xxx/CVE-2014-2852.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog" - }, - { - "name" : "DSA-2899", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog" + }, + { + "name": "DSA-2899", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2899" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6103.json b/2014/6xxx/CVE-2014-6103.json index 0e50422bd77..3e69e299b90 100644 --- a/2014/6xxx/CVE-2014-6103.json +++ b/2014/6xxx/CVE-2014-6103.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6103", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6103", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6850.json b/2014/6xxx/CVE-2014-6850.json index 669c46e0533..a872a11cf8c 100644 --- a/2014/6xxx/CVE-2014-6850.json +++ b/2014/6xxx/CVE-2014-6850.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SED Account (aka com.starkville.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#497841", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/497841" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SED Account (aka com.starkville.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#497841", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/497841" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0088.json b/2017/0xxx/CVE-2017-0088.json index 602a61d095d..44b0c20e926 100644 --- a/2017/0xxx/CVE-2017-0088.json +++ b/2017/0xxx/CVE-2017-0088.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Uniscribe", - "version" : { - "version_data" : [ - { - "version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2 SP1, and Windows 7 SP1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Uniscribe Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Uniscribe", + "version": { + "version_data": [ + { + "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2 SP1, and Windows 7 SP1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41651", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41651/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088" - }, - { - "name" : "96605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96605" - }, - { - "name" : "1037992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Uniscribe Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088" + }, + { + "name": "41651", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41651/" + }, + { + "name": "96605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96605" + }, + { + "name": "1037992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037992" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0396.json b/2017/0xxx/CVE-2017-0396.json index 7e8da77c758..66381d8fabc 100644 --- a/2017/0xxx/CVE-2017-0396.json +++ b/2017/0xxx/CVE-2017-0396.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95232" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0423.json b/2017/0xxx/CVE-2017-0423.json index 1b93ababbc0..c35426a5f68 100644 --- a/2017/0xxx/CVE-2017-0423.json +++ b/2017/0xxx/CVE-2017-0423.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96102" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96102" + }, + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0506.json b/2017/0xxx/CVE-2017-0506.json index b1d0de116c7..4a9c4845cc7 100644 --- a/2017/0xxx/CVE-2017-0506.json +++ b/2017/0xxx/CVE-2017-0506.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32276718. References: M-ALPS03006904." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96726" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32276718. References: M-ALPS03006904." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96726" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0581.json b/2017/0xxx/CVE-2017-0581.json index 2e19ef454b7..97737d805f1 100644 --- a/2017/0xxx/CVE-2017-0581.json +++ b/2017/0xxx/CVE-2017-0581.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97335" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34614485." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97335" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0582.json b/2017/0xxx/CVE-2017-0582.json index 1bd5dd2a35c..162ed4e55e3 100644 --- a/2017/0xxx/CVE-2017-0582.json +++ b/2017/0xxx/CVE-2017-0582.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97356", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97356" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97356", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97356" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000073.json b/2017/1000xxx/CVE-2017-1000073.json index 766177ebf4b..3046f6bf52b 100644 --- a/2017/1000xxx/CVE-2017-1000073.json +++ b/2017/1000xxx/CVE-2017-1000073.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.323502", - "ID" : "CVE-2017-1000073", - "REQUESTER" : "robin.williams@rsmus.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Gravity", - "version" : { - "version_data" : [ - { - "version_value" : "1" - } - ] - } - } - ] - }, - "vendor_name" : "Creolabs Gravity" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heapoverflow/Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.323502", + "ID": "CVE-2017-1000073", + "REQUESTER": "robin.williams@rsmus.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/marcobambini/gravity/issues/129", - "refsource" : "CONFIRM", - "url" : "https://github.com/marcobambini/gravity/issues/129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/marcobambini/gravity/issues/129", + "refsource": "CONFIRM", + "url": "https://github.com/marcobambini/gravity/issues/129" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000110.json b/2017/1000xxx/CVE-2017-1000110.json index 61a45da2bca..c02657ce68d 100644 --- a/2017/1000xxx/CVE-2017-1000110.json +++ b/2017/1000xxx/CVE-2017-1000110.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.323440", - "ID" : "CVE-2017-1000110", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Blue Ocean Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.1.5 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Blue Ocean Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when configuring existing GitHub organization folders. This allowed users with read access to the GitHub organization folder to reconfigure it, including changing the GitHub API endpoint for the organization folder to an attacker-controlled server to obtain the GitHub access token, if the organization folder was initially created using Blue Ocean." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.323440", + "ID": "CVE-2017-1000110", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-08-07/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-08-07/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when configuring existing GitHub organization folders. This allowed users with read access to the GitHub organization folder to reconfigure it, including changing the GitHub API endpoint for the organization folder to an attacker-controlled server to obtain the GitHub access token, if the organization folder was initially created using Blue Ocean." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-08-07/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-08-07/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000488.json b/2017/1000xxx/CVE-2017-1000488.json index 129657d0408..551364cffe8 100644 --- a/2017/1000xxx/CVE-2017-1000488.json +++ b/2017/1000xxx/CVE-2017-1000488.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000488", - "REQUESTER" : "alan.hartless@mautic.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mautic", - "version" : { - "version_data" : [ - { - "version_value" : "2.1.0 - 2.11.0" - } - ] - } - } - ] - }, - "vendor_name" : "Mautic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000488", + "REQUESTER": "alan.hartless@mautic.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mautic/mautic/releases/tag/2.12.0", - "refsource" : "MISC", - "url" : "https://github.com/mautic/mautic/releases/tag/2.12.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mautic/mautic/releases/tag/2.12.0", + "refsource": "MISC", + "url": "https://github.com/mautic/mautic/releases/tag/2.12.0" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16162.json b/2017/16xxx/CVE-2017-16162.json index bd7aa21d0cb..9fea03c4baa 100644 --- a/2017/16xxx/CVE-2017-16162.json +++ b/2017/16xxx/CVE-2017-16162.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "22lixian node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "22lixian node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/22lixian", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/22lixian" - }, - { - "name" : "https://nodesecurity.io/advisories/390", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/390", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/390" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/22lixian", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/22lixian" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16566.json b/2017/16xxx/CVE-2017-16566.json index 7f9181b5a9e..12a96b2dbac 100644 --- a/2017/16xxx/CVE-2017-16566.json +++ b/2017/16xxx/CVE-2017-16566.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://siggyd.github.io/Advisories/CVE-2017-16566", - "refsource" : "MISC", - "url" : "https://siggyd.github.io/Advisories/CVE-2017-16566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://siggyd.github.io/Advisories/CVE-2017-16566", + "refsource": "MISC", + "url": "https://siggyd.github.io/Advisories/CVE-2017-16566" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16871.json b/2017/16xxx/CVE-2017-16871.json index 64cbb449109..a5d8b1002d2 100644 --- a/2017/16xxx/CVE-2017-16871.json +++ b/2017/16xxx/CVE-2017-16871.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LoRexxar/CVE_Request/tree/master/wordpress%20plugin%20updraftplus%20vulnerablity#authenticated--upload-file-and-php-code-execution", - "refsource" : "MISC", - "url" : "https://github.com/LoRexxar/CVE_Request/tree/master/wordpress%20plugin%20updraftplus%20vulnerablity#authenticated--upload-file-and-php-code-execution" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/LoRexxar/CVE_Request/tree/master/wordpress%20plugin%20updraftplus%20vulnerablity#authenticated--upload-file-and-php-code-execution", + "refsource": "MISC", + "url": "https://github.com/LoRexxar/CVE_Request/tree/master/wordpress%20plugin%20updraftplus%20vulnerablity#authenticated--upload-file-and-php-code-execution" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1073.json b/2017/1xxx/CVE-2017-1073.json index 3dd0a924545..1548076e0d2 100644 --- a/2017/1xxx/CVE-2017-1073.json +++ b/2017/1xxx/CVE-2017-1073.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1073", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1073", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1968.json b/2017/1xxx/CVE-2017-1968.json index 688ff2c61fb..d4d9c941ef4 100644 --- a/2017/1xxx/CVE-2017-1968.json +++ b/2017/1xxx/CVE-2017-1968.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1968", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1968", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4471.json b/2017/4xxx/CVE-2017-4471.json index 16e5dbf05eb..d738c197c94 100644 --- a/2017/4xxx/CVE-2017-4471.json +++ b/2017/4xxx/CVE-2017-4471.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4471", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4471", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4812.json b/2017/4xxx/CVE-2017-4812.json index ca737fbb494..45f8019d777 100644 --- a/2017/4xxx/CVE-2017-4812.json +++ b/2017/4xxx/CVE-2017-4812.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4812", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4812", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4879.json b/2017/4xxx/CVE-2017-4879.json index 51d14a0d9a1..6cbc15e6f6c 100644 --- a/2017/4xxx/CVE-2017-4879.json +++ b/2017/4xxx/CVE-2017-4879.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4879", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4879", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5459.json b/2018/5xxx/CVE-2018-5459.json index ebb814f7106..e6411fcf488 100644 --- a/2018/5xxx/CVE-2018-5459.json +++ b/2018/5xxx/CVE-2018-5459.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-5459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WAGO PFC200 Series", - "version" : { - "version_data" : [ - { - "version_value" : "WAGO PFC200 Series" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-5459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Series", + "version": { + "version_data": [ + { + "version_value": "WAGO PFC200 Series" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01" + } + ] + } +} \ No newline at end of file