diff --git a/2001/0xxx/CVE-2001-0124.json b/2001/0xxx/CVE-2001-0124.json index 4e96b23c9f0..876d91fe7e1 100644 --- a/2001/0xxx/CVE-2001-0124.json +++ b/2001/0xxx/CVE-2001-0124.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010109 Solaris /usr/lib/exrecover buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97908386502156&w=2" - }, - { - "name" : "solaris-exrecover-bo(5913)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5913" - }, - { - "name" : "2179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2179" + }, + { + "name": "solaris-exrecover-bo(5913)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5913" + }, + { + "name": "20010109 Solaris /usr/lib/exrecover buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97908386502156&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0616.json b/2001/0xxx/CVE-2001-0616.json index 86f861c0dee..173359c769b 100644 --- a/2001/0xxx/CVE-2001-0616.json +++ b/2001/0xxx/CVE-2001-0616.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010525 Advisory for Freestyle Chat server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html" - }, - { - "name" : "2777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2777" - }, - { - "name" : "freestyle-chat-device-dos(6602)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freestyle-chat-device-dos(6602)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6602" + }, + { + "name": "2777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2777" + }, + { + "name": "20010525 Advisory for Freestyle Chat server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0621.json b/2001/0xxx/CVE-2001-0621.json index ddbcb1e5bcd..04c0c26a562 100644 --- a/2001/0xxx/CVE-2001-0621.json +++ b/2001/0xxx/CVE-2001-0621.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010517 Cisco Content Service Switch 11000 Series FTP Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml" - }, - { - "name" : "L-085", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-085.shtml" - }, - { - "name" : "cisco-css-ftp-commands(6557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6557" - }, - { - "name" : "2745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2745" - }, - { - "name" : "1834", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "L-085", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-085.shtml" + }, + { + "name": "cisco-css-ftp-commands(6557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6557" + }, + { + "name": "2745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2745" + }, + { + "name": "20010517 Cisco Content Service Switch 11000 Series FTP Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml" + }, + { + "name": "1834", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1834" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0715.json b/2001/0xxx/CVE-2001-0715.json index 041b57e07dd..55fbee51912 100644 --- a/2001/0xxx/CVE-2001-0715.json +++ b/2001/0xxx/CVE-2001-0715.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011001 Multiple Local Sendmail Vulnerabilities", - "refsource" : "BINDVIEW", - "url" : "http://razor.bindview.com/publish/advisories/adv_sm812.html" - }, - { - "name" : "20011101-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20011101-01-I" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011101-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20011101-01-I" + }, + { + "name": "20011001 Multiple Local Sendmail Vulnerabilities", + "refsource": "BINDVIEW", + "url": "http://razor.bindview.com/publish/advisories/adv_sm812.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0921.json b/2001/0xxx/CVE-2001-0921.json index 021b7f6b1c6..541ef464c7e 100644 --- a/2001/0xxx/CVE-2001-0921.json +++ b/2001/0xxx/CVE-2001-0921.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011121 Mac Netscape password fields", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100638816318705&w=2" - }, - { - "name" : "macos-netscape-print-passwords(7593)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7593" - }, - { - "name" : "3565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3565" - }, - { - "name" : "5524", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5524", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5524" + }, + { + "name": "20011121 Mac Netscape password fields", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100638816318705&w=2" + }, + { + "name": "3565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3565" + }, + { + "name": "macos-netscape-print-passwords(7593)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7593" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1580.json b/2001/1xxx/CVE-2001-1580.json index fb9fa5a66f9..503783053a7 100644 --- a/2001/1xxx/CVE-2001-1580.json +++ b/2001/1xxx/CVE-2001-1580.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via \"..\" sequences in the query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011219 IRM Security Advisory 002: Netware Web Server Source Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0204.html" - }, - { - "name" : "20011220 Re: IRM Security Advisory 002: Netware Web Server Source Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0218.html" - }, - { - "name" : "20011220 Re: IRM Security Advisory 002: Netware Web Server Source Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0221.html" - }, - { - "name" : "3715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3715" - }, - { - "name" : "netware-webserver-directory-traversal(7726)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via \"..\" sequences in the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011220 Re: IRM Security Advisory 002: Netware Web Server Source Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0221.html" + }, + { + "name": "20011220 Re: IRM Security Advisory 002: Netware Web Server Source Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0218.html" + }, + { + "name": "netware-webserver-directory-traversal(7726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7726" + }, + { + "name": "20011219 IRM Security Advisory 002: Netware Web Server Source Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0204.html" + }, + { + "name": "3715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3715" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2367.json b/2006/2xxx/CVE-2006-2367.json index f3a7916d3c7..26648b3ad83 100644 --- a/2006/2xxx/CVE-2006-2367.json +++ b/2006/2xxx/CVE-2006-2367.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060412 Clansys v.1.1 Multiple Xss Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-04/0238.html" - }, - { - "name" : "http://soot.shabgard.org/bugs/Clansys.txt", - "refsource" : "MISC", - "url" : "http://soot.shabgard.org/bugs/Clansys.txt" - }, - { - "name" : "1015934", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015934" - }, - { - "name" : "19609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19609" - }, - { - "name" : "892", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/892" - }, - { - "name" : "clansys-index-xss(25783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "892", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/892" + }, + { + "name": "http://soot.shabgard.org/bugs/Clansys.txt", + "refsource": "MISC", + "url": "http://soot.shabgard.org/bugs/Clansys.txt" + }, + { + "name": "1015934", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015934" + }, + { + "name": "20060412 Clansys v.1.1 Multiple Xss Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0238.html" + }, + { + "name": "clansys-index-xss(25783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25783" + }, + { + "name": "19609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19609" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2659.json b/2006/2xxx/CVE-2006-2659.json index 46b256023d0..dd4eb39bc86 100644 --- a/2006/2xxx/CVE-2006-2659.json +++ b/2006/2xxx/CVE-2006-2659.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the \"=\" (equals) character, which is not properly handled during encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.courier-mta.org/beta/patches/verp-fix/README.txt", - "refsource" : "CONFIRM", - "url" : "http://www.courier-mta.org/beta/patches/verp-fix/README.txt" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834" - }, - { - "name" : "DSA-1101", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1101" - }, - { - "name" : "GLSA-200608-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-06.xml" - }, - { - "name" : "USN-294-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/294-1/" - }, - { - "name" : "18345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18345" - }, - { - "name" : "ADV-2006-2214", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2214" - }, - { - "name" : "1016248", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016248" - }, - { - "name" : "20519", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20519" - }, - { - "name" : "20548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20548" - }, - { - "name" : "20792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20792" - }, - { - "name" : "21350", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21350" - }, - { - "name" : "courier-usernames-dos(26998)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the \"=\" (equals) character, which is not properly handled during encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834" + }, + { + "name": "courier-usernames-dos(26998)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26998" + }, + { + "name": "GLSA-200608-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-06.xml" + }, + { + "name": "18345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18345" + }, + { + "name": "20548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20548" + }, + { + "name": "20519", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20519" + }, + { + "name": "http://www.courier-mta.org/beta/patches/verp-fix/README.txt", + "refsource": "CONFIRM", + "url": "http://www.courier-mta.org/beta/patches/verp-fix/README.txt" + }, + { + "name": "21350", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21350" + }, + { + "name": "DSA-1101", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1101" + }, + { + "name": "ADV-2006-2214", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2214" + }, + { + "name": "USN-294-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/294-1/" + }, + { + "name": "20792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20792" + }, + { + "name": "1016248", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016248" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2935.json b/2006/2xxx/CVE-2006-2935.json index 2e02c04e276..6139e3a967d 100644 --- a/2006/2xxx/CVE-2006-2935.json +++ b/2006/2xxx/CVE-2006-2935.json @@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060831 rPSA-2006-0162-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444887/100/0/threaded" - }, - { - "name" : "http://bugzilla.kernel.org/show_bug.cgi?id=2966", - "refsource" : "MISC", - "url" : "http://bugzilla.kernel.org/show_bug.cgi?id=2966" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197670", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197670" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-611", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-611" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm" - }, - { - "name" : "DSA-1183", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1183" - }, - { - "name" : "DSA-1184", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1184" - }, - { - "name" : "MDKSA-2006:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150" - }, - { - "name" : "MDKSA-2006:151", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151" - }, - { - "name" : "RHSA-2006:0617", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0617.html" - }, - { - "name" : "RHSA-2006:0710", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0710.html" - }, - { - "name" : "RHSA-2007:0012", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0012.html" - }, - { - "name" : "RHSA-2007:0013", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0013.html" - }, - { - "name" : "SUSE-SA:2006:042", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_42_kernel.html" - }, - { - "name" : "SUSE-SA:2006:047", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_47_kernel.html" - }, - { - "name" : "SUSE-SA:2006:049", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_49_kernel.html" - }, - { - "name" : "SUSE-SA:2006:064", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_64_kernel.html" - }, - { - "name" : "USN-331-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-331-1" - }, - { - "name" : "USN-346-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-346-1" - }, - { - "name" : "18847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18847" - }, - { - "name" : "oval:org.mitre.oval:def:10886", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10886" - }, - { - "name" : "ADV-2006-2680", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2680" - }, - { - "name" : "21179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21179" - }, - { - "name" : "21298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21298" - }, - { - "name" : "21605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21605" - }, - { - "name" : "21614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21614" - }, - { - "name" : "21695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21695" - }, - { - "name" : "22082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22082" - }, - { - "name" : "22093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22093" - }, - { - "name" : "22174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22174" - }, - { - "name" : "22497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22497" - }, - { - "name" : "23064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23064" - }, - { - "name" : "21934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21934" - }, - { - "name" : "23788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23788" - }, - { - "name" : "22822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22822" - }, - { - "name" : "21498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21498" - }, - { - "name" : "24288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24288" - }, - { - "name" : "linux-dvdreadbca-bo(27579)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-331-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-331-1" + }, + { + "name": "21934", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21934" + }, + { + "name": "SUSE-SA:2006:042", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html" + }, + { + "name": "RHSA-2007:0012", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0012.html" + }, + { + "name": "RHSA-2006:0617", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0617.html" + }, + { + "name": "http://bugzilla.kernel.org/show_bug.cgi?id=2966", + "refsource": "MISC", + "url": "http://bugzilla.kernel.org/show_bug.cgi?id=2966" + }, + { + "name": "21298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21298" + }, + { + "name": "23788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23788" + }, + { + "name": "21695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21695" + }, + { + "name": "21605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21605" + }, + { + "name": "SUSE-SA:2006:047", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_47_kernel.html" + }, + { + "name": "DSA-1183", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1183" + }, + { + "name": "MDKSA-2006:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150" + }, + { + "name": "RHSA-2007:0013", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0013.html" + }, + { + "name": "MDKSA-2006:151", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151" + }, + { + "name": "22082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22082" + }, + { + "name": "21614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21614" + }, + { + "name": "SUSE-SA:2006:064", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_64_kernel.html" + }, + { + "name": "linux-dvdreadbca-bo(27579)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27579" + }, + { + "name": "22174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22174" + }, + { + "name": "oval:org.mitre.oval:def:10886", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10886" + }, + { + "name": "24288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24288" + }, + { + "name": "ADV-2006-2680", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2680" + }, + { + "name": "22822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22822" + }, + { + "name": "23064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23064" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197670", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197670" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm" + }, + { + "name": "USN-346-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-346-1" + }, + { + "name": "18847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18847" + }, + { + "name": "22497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22497" + }, + { + "name": "21498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21498" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm" + }, + { + "name": "RHSA-2006:0710", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0710.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-611", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-611" + }, + { + "name": "20060831 rPSA-2006-0162-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444887/100/0/threaded" + }, + { + "name": "SUSE-SA:2006:049", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_49_kernel.html" + }, + { + "name": "22093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22093" + }, + { + "name": "DSA-1184", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1184" + }, + { + "name": "21179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21179" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2983.json b/2006/2xxx/CVE-2006-2983.json index d53f5239ee3..8c703025b4e 100644 --- a/2006/2xxx/CVE-2006-2983.json +++ b/2006/2xxx/CVE-2006-2983.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in cal.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-2219", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2219" - }, - { - "name" : "26418", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in cal.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26418", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26418" + }, + { + "name": "ADV-2006-2219", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2219" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5349.json b/2008/5xxx/CVE-2008-5349.json index 6f1c49834f8..7b6a5ea0f93 100644 --- a/2008/5xxx/CVE-2008-5349.json +++ b/2008/5xxx/CVE-2008-5349.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" - }, - { - "name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", - "refsource" : "CONFIRM", - "url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-491.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-491.htm" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBMA02429", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "SSRT090058", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "HPSBUX02429", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/504010/100/0/threaded" - }, - { - "name" : "RHSA-2008:1018", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-1018.html" - }, - { - "name" : "RHSA-2008:1025", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-1025.html" - }, - { - "name" : "RHSA-2009:0016", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0016.html" - }, - { - "name" : "RHSA-2009:0466", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-0466.html" - }, - { - "name" : "246286", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-246286-1" - }, - { - "name" : "SUSE-SR:2009:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2009:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" - }, - { - "name" : "TA08-340A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" - }, - { - "name" : "32608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32608" - }, - { - "name" : "50504", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50504" - }, - { - "name" : "oval:org.mitre.oval:def:5843", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5843" - }, - { - "name" : "34259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34259" - }, - { - "name" : "34972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34972" - }, - { - "name" : "35255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35255" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "ADV-2008-3339", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3339" - }, - { - "name" : "1021309", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021309" - }, - { - "name" : "32991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32991" - }, - { - "name" : "33015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33015" - }, - { - "name" : "33709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33709" - }, - { - "name" : "ADV-2009-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1426" - }, - { - "name" : "sun-jre-rsa-dos(47064)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT090058", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "34259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34259" + }, + { + "name": "sun-jre-rsa-dos(47064)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47064" + }, + { + "name": "RHSA-2008:1018", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-1018.html" + }, + { + "name": "33015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33015" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-491.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-491.htm" + }, + { + "name": "HPSBUX02429", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/504010/100/0/threaded" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", + "refsource": "CONFIRM", + "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" + }, + { + "name": "35255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35255" + }, + { + "name": "34972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34972" + }, + { + "name": "RHSA-2009:0466", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-0466.html" + }, + { + "name": "SUSE-SR:2009:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" + }, + { + "name": "ADV-2009-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1426" + }, + { + "name": "RHSA-2008:1025", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-1025.html" + }, + { + "name": "ADV-2008-3339", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3339" + }, + { + "name": "RHSA-2009:0016", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0016.html" + }, + { + "name": "TA08-340A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" + }, + { + "name": "33709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33709" + }, + { + "name": "HPSBMA02429", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" + }, + { + "name": "50504", + "refsource": "OSVDB", + "url": "http://osvdb.org/50504" + }, + { + "name": "oval:org.mitre.oval:def:5843", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5843" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "246286", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-246286-1" + }, + { + "name": "32991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32991" + }, + { + "name": "32608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32608" + }, + { + "name": "SUSE-SR:2009:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "1021309", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021309" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5446.json b/2008/5xxx/CVE-2008-5446.json index 79cfd2cc367..e3ea0b4cb30 100644 --- a/2008/5xxx/CVE-2008-5446.json +++ b/2008/5xxx/CVE-2008-5446.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the \"About Us Page\" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-5446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090118 Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500171/100/0/threaded" - }, - { - "name" : "http://secniche.org/papers/orabs.pdf", - "refsource" : "MISC", - "url" : "http://secniche.org/papers/orabs.pdf" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "1021568", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021568" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the \"About Us Page\" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "20090118 Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500171/100/0/threaded" + }, + { + "name": "http://secniche.org/papers/orabs.pdf", + "refsource": "MISC", + "url": "http://secniche.org/papers/orabs.pdf" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + }, + { + "name": "1021568", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021568" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5501.json b/2008/5xxx/CVE-2008-5501.json index b2971740829..f59bb9f3730 100644 --- a/2008/5xxx/CVE-2008-5501.json +++ b/2008/5xxx/CVE-2008-5501.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=395623", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=395623" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-60.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-60.html" - }, - { - "name" : "MDVSA-2008:245", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245" - }, - { - "name" : "RHSA-2008:1036", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1036.html" - }, - { - "name" : "RHSA-2008:1037", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1037.html" - }, - { - "name" : "RHSA-2009:0002", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0002.html" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "USN-690-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/690-1/" - }, - { - "name" : "32882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32882" - }, - { - "name" : "oval:org.mitre.oval:def:10257", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10257" - }, - { - "name" : "1021417", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021417" - }, - { - "name" : "33216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33216" - }, - { - "name" : "33188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33188" - }, - { - "name" : "33189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33189" - }, - { - "name" : "33203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33203" - }, - { - "name" : "33421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33421" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - }, - { - "name" : "mozilla-layout-code-execution-var4(47407)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32882" + }, + { + "name": "33421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33421" + }, + { + "name": "RHSA-2008:1036", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1036.html" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=395623", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=395623" + }, + { + "name": "MDVSA-2008:245", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245" + }, + { + "name": "USN-690-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/690-1/" + }, + { + "name": "33203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33203" + }, + { + "name": "oval:org.mitre.oval:def:10257", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10257" + }, + { + "name": "33216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33216" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "RHSA-2008:1037", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1037.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-60.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-60.html" + }, + { + "name": "RHSA-2009:0002", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0002.html" + }, + { + "name": "33188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33188" + }, + { + "name": "mozilla-layout-code-execution-var4(47407)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47407" + }, + { + "name": "1021417", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021417" + }, + { + "name": "33189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33189" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5642.json b/2008/5xxx/CVE-2008-5642.json index 2dfb5f04976..091fbaf0244 100644 --- a/2008/5xxx/CVE-2008-5642.json +++ b/2008/5xxx/CVE-2008-5642.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7285", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7285" - }, - { - "name" : "32535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32535" - }, - { - "name" : "ADV-2008-3306", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3306" - }, - { - "name" : "32924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32924" - }, - { - "name" : "4775", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4775" - }, - { - "name" : "cmsmadesimple-login-file-include(46942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7285", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7285" + }, + { + "name": "32924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32924" + }, + { + "name": "4775", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4775" + }, + { + "name": "32535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32535" + }, + { + "name": "cmsmadesimple-login-file-include(46942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46942" + }, + { + "name": "ADV-2008-3306", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3306" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5773.json b/2008/5xxx/CVE-2008-5773.json index 2668fa15a8a..3129aa5a822 100644 --- a/2008/5xxx/CVE-2008-5773.json +++ b/2008/5xxx/CVE-2008-5773.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7491", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7491" - }, - { - "name" : "33165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33165" - }, - { - "name" : "4840", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7491", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7491" + }, + { + "name": "4840", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4840" + }, + { + "name": "33165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33165" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2041.json b/2011/2xxx/CVE-2011-2041.json index aeb89500619..856eb28b68a 100644 --- a/2011/2xxx/CVE-2011-2041.json +++ b/2011/2xxx/CVE-2011-2041.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml" - }, - { - "name" : "48077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48077" - }, - { - "name" : "72716", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72716" - }, - { - "name" : "1025591", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml" + }, + { + "name": "72716", + "refsource": "OSVDB", + "url": "http://osvdb.org/72716" + }, + { + "name": "1025591", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025591" + }, + { + "name": "48077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48077" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2205.json b/2011/2xxx/CVE-2011-2205.json index 50847a6b857..8a706cf0c16 100644 --- a/2011/2xxx/CVE-2011-2205.json +++ b/2011/2xxx/CVE-2011-2205.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/14/6" - }, - { - "name" : "[oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/15/5" - }, - { - "name" : "http://blog.prosody.im/prosody-0-8-1-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.prosody.im/prosody-0-8-1-released/" - }, - { - "name" : "http://hg.prosody.im/0.8/rev/5305a665bdd4", - "refsource" : "CONFIRM", - "url" : "http://hg.prosody.im/0.8/rev/5305a665bdd4" - }, - { - "name" : "http://hg.prosody.im/0.8/rev/ee6a18f10a8d", - "refsource" : "CONFIRM", - "url" : "http://hg.prosody.im/0.8/rev/ee6a18f10a8d" - }, - { - "name" : "http://prosody.im/doc/release/0.8.1", - "refsource" : "CONFIRM", - "url" : "http://prosody.im/doc/release/0.8.1" - }, - { - "name" : "48125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48125" - }, - { - "name" : "44852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44852" - }, - { - "name" : "prosody-xml-dos(67884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.prosody.im/prosody-0-8-1-released/", + "refsource": "CONFIRM", + "url": "http://blog.prosody.im/prosody-0-8-1-released/" + }, + { + "name": "http://hg.prosody.im/0.8/rev/5305a665bdd4", + "refsource": "CONFIRM", + "url": "http://hg.prosody.im/0.8/rev/5305a665bdd4" + }, + { + "name": "prosody-xml-dos(67884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67884" + }, + { + "name": "http://hg.prosody.im/0.8/rev/ee6a18f10a8d", + "refsource": "CONFIRM", + "url": "http://hg.prosody.im/0.8/rev/ee6a18f10a8d" + }, + { + "name": "[oss-security] 20110615 Re: CVE Request: prosody DoS, djabberd external entity injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/15/5" + }, + { + "name": "44852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44852" + }, + { + "name": "http://prosody.im/doc/release/0.8.1", + "refsource": "CONFIRM", + "url": "http://prosody.im/doc/release/0.8.1" + }, + { + "name": "[oss-security] 20110614 CVE Request: prosody DoS, djabberd external entity injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/14/6" + }, + { + "name": "48125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48125" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2288.json b/2011/2xxx/CVE-2011-2288.json index f02feec3db8..09f09601959 100644 --- a/2011/2xxx/CVE-2011-2288.json +++ b/2011/2xxx/CVE-2011-2288.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows remote attackers to affect confidentiality, integrity, and availability, related to ILOM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows remote attackers to affect confidentiality, integrity, and availability, related to ILOM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2465.json b/2011/2xxx/CVE-2011-2465.json index 4484429b543..11104809613 100644 --- a/2011/2xxx/CVE-2011-2465.json +++ b/2011/2xxx/CVE-2011-2465.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110705 Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518750/100/0/threaded" - }, - { - "name" : "http://www.isc.org/software/bind/advisories/cve-2011-2465", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/software/bind/advisories/cve-2011-2465" - }, - { - "name" : "FEDORA-2011-9146", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html" - }, - { - "name" : "SUSE-SA:2011:029", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html" - }, - { - "name" : "VU#137968", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/137968" - }, - { - "name" : "48565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48565" - }, - { - "name" : "73604", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73604" - }, - { - "name" : "1025743", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025743" - }, - { - "name" : "45185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45185" - }, - { - "name" : "iscbind-rpz-dos(68374)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45185" + }, + { + "name": "20110705 Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518750/100/0/threaded" + }, + { + "name": "1025743", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025743" + }, + { + "name": "http://www.isc.org/software/bind/advisories/cve-2011-2465", + "refsource": "CONFIRM", + "url": "http://www.isc.org/software/bind/advisories/cve-2011-2465" + }, + { + "name": "73604", + "refsource": "OSVDB", + "url": "http://osvdb.org/73604" + }, + { + "name": "VU#137968", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/137968" + }, + { + "name": "48565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48565" + }, + { + "name": "FEDORA-2011-9146", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html" + }, + { + "name": "SUSE-SA:2011:029", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html" + }, + { + "name": "iscbind-rpz-dos(68374)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68374" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2584.json b/2011/2xxx/CVE-2011-2584.json index d245193118c..740f832aa0c 100644 --- a/2011/2xxx/CVE-2011-2584.json +++ b/2011/2xxx/CVE-2011-2584.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote attackers to access the (1) Encoders and Pull Configurations, (2) Push Configurations, (3) Video Encoding Formats, and (4) Transcoding administration pages, and cause a denial of service (live event outage) or obtain potentially sensitive information, via unspecified vectors, aka Bug ID CSCto73758." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111019 Cisco Show and Share Security Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns" - }, - { - "name" : "50282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50282" - }, - { - "name" : "cisco-show-pages-sec-bypass(70757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote attackers to access the (1) Encoders and Pull Configurations, (2) Push Configurations, (3) Video Encoding Formats, and (4) Transcoding administration pages, and cause a denial of service (live event outage) or obtain potentially sensitive information, via unspecified vectors, aka Bug ID CSCto73758." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-show-pages-sec-bypass(70757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70757" + }, + { + "name": "50282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50282" + }, + { + "name": "20111019 Cisco Show and Share Security Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2922.json b/2011/2xxx/CVE-2011-2922.json index 126765210d8..937280e0348 100644 --- a/2011/2xxx/CVE-2011-2922.json +++ b/2011/2xxx/CVE-2011-2922.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2922", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2922", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3481.json b/2011/3xxx/CVE-2011-3481.json index cdb327673ef..a7343be3aa7 100644 --- a/2011/3xxx/CVE-2011-3481.json +++ b/2011/3xxx/CVE-2011-3481.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772" - }, - { - "name" : "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463" - }, - { - "name" : "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5", - "refsource" : "CONFIRM", - "url" : "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5" - }, - { - "name" : "MDVSA-2012:037", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:037" - }, - { - "name" : "RHSA-2011:1508", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1508.html" - }, - { - "name" : "cyrus-imap-indexgetids-dos(69842)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5", + "refsource": "CONFIRM", + "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5" + }, + { + "name": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463", + "refsource": "CONFIRM", + "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463" + }, + { + "name": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772", + "refsource": "CONFIRM", + "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772" + }, + { + "name": "cyrus-imap-indexgetids-dos(69842)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69842" + }, + { + "name": "RHSA-2011:1508", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html" + }, + { + "name": "MDVSA-2012:037", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:037" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3749.json b/2011/3xxx/CVE-2011-3749.json index 8b339f1afe6..cc90a5f9b06 100644 --- a/2011/3xxx/CVE-2011-3749.json +++ b/2011/3xxx/CVE-2011-3749.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/ka-map-1.0-20070205", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/ka-map-1.0-20070205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/ka-map-1.0-20070205", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/ka-map-1.0-20070205" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3864.json b/2011/3xxx/CVE-2011-3864.json index 46709a40cc8..bfdf56c656d 100644 --- a/2011/3xxx/CVE-2011-3864.json +++ b/2011/3xxx/CVE-2011-3864.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sitewat.ch/en/Advisories/23", - "refsource" : "MISC", - "url" : "https://sitewat.ch/en/Advisories/23" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sitewat.ch/en/Advisories/23", + "refsource": "MISC", + "url": "https://sitewat.ch/en/Advisories/23" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3885.json b/2011/3xxx/CVE-2011-3885.json index 904eec8fe88..91393eb97b2 100644 --- a/2011/3xxx/CVE-2011-3885.json +++ b/2011/3xxx/CVE-2011-3885.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=100059", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=100059" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=97599", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=97599" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=98064", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=98064" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=98556", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=98556" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=99294", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=99294" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=99880", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=99880" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" - }, - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:13216", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13216" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "chrome-stale-style-code-exec(70963)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70963" - }, - { - "name" : "apple-webkit-cve20113885-code-execution(73804)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apple-webkit-cve20113885-code-execution(73804)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73804" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=99294", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=99294" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=98064", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=98064" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=99880", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=99880" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=97599", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=97599" + }, + { + "name": "chrome-stale-style-code-exec(70963)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70963" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=98556", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=98556" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=100059", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=100059" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "oval:org.mitre.oval:def:13216", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13216" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0143.json b/2013/0xxx/CVE-2013-0143.json index 5182076c315..5be02546e7a 100644 --- a/2013/0xxx/CVE-2013-0143.json +++ b/2013/0xxx/CVE-2013-0143.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-0143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#927644", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/927644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#927644", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/927644" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0700.json b/2013/0xxx/CVE-2013-0700.json index ee67ef3716d..26ad7240c4f 100644 --- a/2013/0xxx/CVE-2013-0700.json +++ b/2013/0xxx/CVE-2013-0700.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-0700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0718.json b/2013/0xxx/CVE-2013-0718.json index 7d16d66bd43..f230c9bd36e 100644 --- a/2013/0xxx/CVE-2013-0718.json +++ b/2013/0xxx/CVE-2013-0718.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-0718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#77360971", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN77360971/index.html" - }, - { - "name" : "JVNDB-2013-000029", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2013-000029", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000029" + }, + { + "name": "JVN#77360971", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN77360971/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0994.json b/2013/0xxx/CVE-2013-0994.json index 4889f5921a4..08dc3317201 100644 --- a/2013/0xxx/CVE-2013-0994.json +++ b/2013/0xxx/CVE-2013-0994.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-0994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5766", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5766" - }, - { - "name" : "http://support.apple.com/kb/HT5785", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5785" - }, - { - "name" : "http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "APPLE-SA-2013-05-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html" - }, - { - "name" : "APPLE-SA-2013-06-04-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:17400", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17400" - }, - { - "name" : "54886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17400", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17400" + }, + { + "name": "http://support.apple.com/kb/HT5785", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5785" + }, + { + "name": "54886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54886" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "APPLE-SA-2013-06-04-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT5766", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5766" + }, + { + "name": "APPLE-SA-2013-05-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1572.json b/2013/1xxx/CVE-2013-1572.json index ee90d0481ca..d0f311dc1c7 100644 --- a/2013/1xxx/CVE-2013-1572.json +++ b/2013/1xxx/CVE-2013-1572.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-slowprotocols.c?r1=46336&r2=46335&pathrev=46336", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-slowprotocols.c?r1=46336&r2=46335&pathrev=46336" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46336", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46336" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2013-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2013-01.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8036", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8036" - }, - { - "name" : "openSUSE-SU-2013:0276", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html" - }, - { - "name" : "openSUSE-SU-2013:0285", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html" - }, - { - "name" : "oval:org.mitre.oval:def:16423", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2013-01.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2013-01.html" + }, + { + "name": "oval:org.mitre.oval:def:16423", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16423" + }, + { + "name": "openSUSE-SU-2013:0285", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-slowprotocols.c?r1=46336&r2=46335&pathrev=46336", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-slowprotocols.c?r1=46336&r2=46335&pathrev=46336" + }, + { + "name": "openSUSE-SU-2013:0276", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8036", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8036" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46336", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46336" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1611.json b/2013/1xxx/CVE-2013-1611.json index 4a0e730aa63..6068ff2510d 100644 --- a/2013/1xxx/CVE-2013-1611.json +++ b/2013/1xxx/CVE-2013-1611.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-1611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130508_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130508_00" - }, - { - "name" : "59700", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130508_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130508_00" + }, + { + "name": "59700", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59700" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1680.json b/2013/1xxx/CVE-2013-1680.json index b333fda5493..74bd4defe60 100644 --- a/2013/1xxx/CVE-2013-1680.json +++ b/2013/1xxx/CVE-2013-1680.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=850931", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=850931" - }, - { - "name" : "DSA-2699", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2699" - }, - { - "name" : "MDVSA-2013:165", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" - }, - { - "name" : "RHSA-2013:0820", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0820.html" - }, - { - "name" : "RHSA-2013:0821", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0821.html" - }, - { - "name" : "openSUSE-SU-2013:0831", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" - }, - { - "name" : "openSUSE-SU-2013:0834", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" - }, - { - "name" : "openSUSE-SU-2013:0825", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:0929", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" - }, - { - "name" : "openSUSE-SU-2013:0946", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" - }, - { - "name" : "USN-1822-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1822-1" - }, - { - "name" : "USN-1823-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1823-1" - }, - { - "name" : "59861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59861" - }, - { - "name" : "oval:org.mitre.oval:def:17031", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2699", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2699" + }, + { + "name": "MDVSA-2013:165", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" + }, + { + "name": "openSUSE-SU-2013:0825", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" + }, + { + "name": "USN-1823-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1823-1" + }, + { + "name": "RHSA-2013:0821", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0821.html" + }, + { + "name": "openSUSE-SU-2013:0929", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" + }, + { + "name": "openSUSE-SU-2013:0831", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" + }, + { + "name": "59861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59861" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=850931", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=850931" + }, + { + "name": "RHSA-2013:0820", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0820.html" + }, + { + "name": "openSUSE-SU-2013:0834", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" + }, + { + "name": "openSUSE-SU-2013:0946", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" + }, + { + "name": "oval:org.mitre.oval:def:17031", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17031" + }, + { + "name": "USN-1822-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1822-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4078.json b/2013/4xxx/CVE-2013-4078.json index 90023c284ad..67f1121fbe4 100644 --- a/2013/4xxx/CVE-2013-4078.json +++ b/2013/4xxx/CVE-2013-4078.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45566", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45566" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46158", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46158" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2013-36.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2013-36.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729" - }, - { - "name" : "DSA-2709", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2709" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "openSUSE-SU-2013:1084", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html" - }, - { - "name" : "openSUSE-SU-2013:1086", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html" - }, - { - "name" : "oval:org.mitre.oval:def:16936", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16936" - }, - { - "name" : "53762", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53762" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html" + }, + { + "name": "53762", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53762" + }, + { + "name": "oval:org.mitre.oval:def:16936", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16936" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45566", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45566" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729" + }, + { + "name": "openSUSE-SU-2013:1086", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html" + }, + { + "name": "DSA-2709", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2709" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46158", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46158" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2013-36.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2013-36.html" + }, + { + "name": "openSUSE-SU-2013:1084", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4291.json b/2013/4xxx/CVE-2013-4291.json index 6d799d96dbc..cace2c72ab3 100644 --- a/2013/4xxx/CVE-2013-4291.json +++ b/2013/4xxx/CVE-2013-4291.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fe11d34a6d46d6641ce90dc665164fda7bb6bff8", - "refsource" : "CONFIRM", - "url" : "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fe11d34a6d46d6641ce90dc665164fda7bb6bff8" - }, - { - "name" : "http://libvirt.org/news.html", - "refsource" : "CONFIRM", - "url" : "http://libvirt.org/news.html" - }, - { - "name" : "http://wiki.libvirt.org/page/Maintenance_Releases", - "refsource" : "CONFIRM", - "url" : "http://wiki.libvirt.org/page/Maintenance_Releases" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1006509", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1006509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1006509", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006509" + }, + { + "name": "http://libvirt.org/news.html", + "refsource": "CONFIRM", + "url": "http://libvirt.org/news.html" + }, + { + "name": "http://wiki.libvirt.org/page/Maintenance_Releases", + "refsource": "CONFIRM", + "url": "http://wiki.libvirt.org/page/Maintenance_Releases" + }, + { + "name": "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fe11d34a6d46d6641ce90dc665164fda7bb6bff8", + "refsource": "CONFIRM", + "url": "http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fe11d34a6d46d6641ce90dc665164fda7bb6bff8" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5103.json b/2013/5xxx/CVE-2013-5103.json index da95c799b1f..f78a55b8504 100644 --- a/2013/5xxx/CVE-2013-5103.json +++ b/2013/5xxx/CVE-2013-5103.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5103", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5103", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5438.json b/2013/5xxx/CVE-2013-5438.json index e0be2b317de..9e22cc18642 100644 --- a/2013/5xxx/CVE-2013-5438.json +++ b/2013/5xxx/CVE-2013-5438.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_manager_web_server_allows_generic_xss_cve_2013_5438", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_manager_web_server_allows_generic_xss_cve_2013_5438" - }, - { - "name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5094212", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5094212" - }, - { - "name" : "ibm-fsm-cve20135438-xss(87753)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-fsm-cve20135438-xss(87753)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87753" + }, + { + "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_manager_web_server_allows_generic_xss_cve_2013_5438", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_manager_web_server_allows_generic_xss_cve_2013_5438" + }, + { + "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5094212", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5094212" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5580.json b/2013/5xxx/CVE-2013-5580.json index fc3ce9d4b12..bec2ae28479 100644 --- a/2013/5xxx/CVE-2013-5580.json +++ b/2013/5xxx/CVE-2013-5580.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a \"notice auth\" message not being sent to a new client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ngircd-ml] 20130823 ngIRCd 20.3", - "refsource" : "MLIST", - "url" : "http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.html" - }, - { - "name" : "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=309122017ebc6fff039a7cab1b82f632853d82d5", - "refsource" : "CONFIRM", - "url" : "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=309122017ebc6fff039a7cab1b82f632853d82d5" - }, - { - "name" : "http://freecode.com/projects/ngircd/releases/357245", - "refsource" : "CONFIRM", - "url" : "http://freecode.com/projects/ngircd/releases/357245" - }, - { - "name" : "FEDORA-2013-15278", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115077.html" - }, - { - "name" : "FEDORA-2013-15290", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115047.html" - }, - { - "name" : "96590", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96590" - }, - { - "name" : "54567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a \"notice auth\" message not being sent to a new client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[ngircd-ml] 20130823 ngIRCd 20.3", + "refsource": "MLIST", + "url": "http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.html" + }, + { + "name": "96590", + "refsource": "OSVDB", + "url": "http://osvdb.org/96590" + }, + { + "name": "http://freecode.com/projects/ngircd/releases/357245", + "refsource": "CONFIRM", + "url": "http://freecode.com/projects/ngircd/releases/357245" + }, + { + "name": "54567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54567" + }, + { + "name": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=309122017ebc6fff039a7cab1b82f632853d82d5", + "refsource": "CONFIRM", + "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=309122017ebc6fff039a7cab1b82f632853d82d5" + }, + { + "name": "FEDORA-2013-15290", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115047.html" + }, + { + "name": "FEDORA-2013-15278", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115077.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5757.json b/2013/5xxx/CVE-2013-5757.json index 552380f0a49..dd193a243ac 100644 --- a/2013/5xxx/CVE-2013-5757.json +++ b/2013/5xxx/CVE-2013-5757.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33740", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33740", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33740" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5827.json b/2013/5xxx/CVE-2013-5827.json index eafd5e6fb41..75b756cc3e2 100644 --- a/2013/5xxx/CVE-2013-5827.json +++ b/2013/5xxx/CVE-2013-5827.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Storage Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "55322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Storage Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55322" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0142.json b/2017/0xxx/CVE-2017-0142.json index 2f1dd8d7fe6..284e4510ceb 100644 --- a/2017/0xxx/CVE-2017-0142.json +++ b/2017/0xxx/CVE-2017-0142.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0142", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0142", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000129.json b/2017/1000xxx/CVE-2017-1000129.json index efce6259047..b7460a24d1a 100644 --- a/2017/1000xxx/CVE-2017-1000129.json +++ b/2017/1000xxx/CVE-2017-1000129.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.342690", - "ID" : "CVE-2017-1000129", - "REQUESTER" : "hbuchwald@ripstech.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Serendipity", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.3 and older, 2.1-beta1" - } - ] - } - } - ] - }, - "vendor_name" : "Serendipity" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.342690", + "ID": "CVE-2017-1000129", + "REQUESTER": "hbuchwald@ripstech.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html", - "refsource" : "MISC", - "url" : "https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html", + "refsource": "MISC", + "url": "https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12245.json b/2017/12xxx/CVE-2017-12245.json index 069d1966c52..f318e7e28a5 100644 --- a/2017/12xxx/CVE-2017-12245.json +++ b/2017/12xxx/CVE-2017-12245.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower Detection Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower Detection Engine" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory. This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.0.1 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances. Cisco Bug IDs: CSCve02069." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower Detection Engine", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower Detection Engine" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ftd", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ftd" - }, - { - "name" : "101118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory. This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.0.1 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances. Cisco Bug IDs: CSCve02069." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101118" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ftd", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ftd" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12555.json b/2017/12xxx/CVE-2017-12555.json index 3bf4710bbd1..9be8afd97eb 100644 --- a/2017/12xxx/CVE-2017-12555.json +++ b/2017/12xxx/CVE-2017-12555.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-10-03T00:00:00", - "ID" : "CVE-2017-12555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) Service Operation Management (SOM)", - "version" : { - "version_data" : [ - { - "version_value" : "IMC SOM 7.3 E0501" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Arbitrary File Download and disclosure of information" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-10-03T00:00:00", + "ID": "CVE-2017-12555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) Service Operation Management (SOM)", + "version": { + "version_data": [ + { + "version_value": "IMC SOM 7.3 E0501" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2017-27", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2017-27" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03776en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03776en_us" - }, - { - "name" : "1039496", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Arbitrary File Download and disclosure of information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03776en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03776en_us" + }, + { + "name": "1039496", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039496" + }, + { + "name": "https://www.tenable.com/security/research/tra-2017-27", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2017-27" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12582.json b/2017/12xxx/CVE-2017-12582.json index 65eab49d66f..ce0b4cbf7a3 100644 --- a/2017/12xxx/CVE-2017-12582.json +++ b/2017/12xxx/CVE-2017-12582.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kth.ninja/2017/08/qnap-surveillance-station.html", - "refsource" : "MISC", - "url" : "http://www.kth.ninja/2017/08/qnap-surveillance-station.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kth.ninja/2017/08/qnap-surveillance-station.html", + "refsource": "MISC", + "url": "http://www.kth.ninja/2017/08/qnap-surveillance-station.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12599.json b/2017/12xxx/CVE-2017-12599.json index fa895fc9377..dc9249d5da3 100644 --- a/2017/12xxx/CVE-2017-12599.json +++ b/2017/12xxx/CVE-2017-12599.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html" - }, - { - "name" : "https://github.com/opencv/opencv/issues/9309", - "refsource" : "MISC", - "url" : "https://github.com/opencv/opencv/issues/9309" - }, - { - "name" : "https://github.com/xiaoqx/pocs/blob/master/opencv.md", - "refsource" : "MISC", - "url" : "https://github.com/xiaoqx/pocs/blob/master/opencv.md" - }, - { - "name" : "GLSA-201712-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201712-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html" + }, + { + "name": "GLSA-201712-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-02" + }, + { + "name": "https://github.com/xiaoqx/pocs/blob/master/opencv.md", + "refsource": "MISC", + "url": "https://github.com/xiaoqx/pocs/blob/master/opencv.md" + }, + { + "name": "https://github.com/opencv/opencv/issues/9309", + "refsource": "MISC", + "url": "https://github.com/opencv/opencv/issues/9309" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13595.json b/2017/13xxx/CVE-2017-13595.json index 9b2cc75433b..a42f35770ad 100644 --- a/2017/13xxx/CVE-2017-13595.json +++ b/2017/13xxx/CVE-2017-13595.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13595", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13595", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13668.json b/2017/13xxx/CVE-2017-13668.json index 1bc8713b449..4c4f50475b7 100644 --- a/2017/13xxx/CVE-2017-13668.json +++ b/2017/13xxx/CVE-2017-13668.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13668", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13668", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16049.json b/2017/16xxx/CVE-2017-16049.json index 953baccfa06..4dcd133eb39 100644 --- a/2017/16xxx/CVE-2017-16049.json +++ b/2017/16xxx/CVE-2017-16049.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nodesqlite node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedded Malicious Code (CWE-506)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nodesqlite node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/492", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedded Malicious Code (CWE-506)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/492", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/492" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16148.json b/2017/16xxx/CVE-2017-16148.json index b9db8ed8309..94dce35b1b7 100644 --- a/2017/16xxx/CVE-2017-16148.json +++ b/2017/16xxx/CVE-2017-16148.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "serve46 node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "serve46 is a static file server. serve46 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "serve46 node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/serve46", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/serve46" - }, - { - "name" : "https://nodesecurity.io/advisories/456", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "serve46 is a static file server. serve46 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/456", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/456" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/serve46", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/serve46" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16864.json b/2017/16xxx/CVE-2017-16864.json index 28c7673f50c..196119b3d9e 100644 --- a/2017/16xxx/CVE-2017-16864.json +++ b/2017/16xxx/CVE-2017-16864.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-01-11T00:00:00", - "ID" : "CVE-2017-16864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jira", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 7.4.2" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-01-11T00:00:00", + "ID": "CVE-2017-16864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "prior to 7.4.2" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-66624", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-66624" - }, - { - "name" : "102505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102505" + }, + { + "name": "https://jira.atlassian.com/browse/JRASERVER-66624", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-66624" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4132.json b/2017/4xxx/CVE-2017-4132.json index e21c73faa4f..22e5aa571e0 100644 --- a/2017/4xxx/CVE-2017-4132.json +++ b/2017/4xxx/CVE-2017-4132.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4132", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4132", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4520.json b/2017/4xxx/CVE-2017-4520.json index 9df9129f2e0..0c642df48d1 100644 --- a/2017/4xxx/CVE-2017-4520.json +++ b/2017/4xxx/CVE-2017-4520.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4520", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4520", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4705.json b/2017/4xxx/CVE-2017-4705.json index b6bc8a9b0bf..48d7f1cd9de 100644 --- a/2017/4xxx/CVE-2017-4705.json +++ b/2017/4xxx/CVE-2017-4705.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4705", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4705", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4745.json b/2017/4xxx/CVE-2017-4745.json index 57178db872e..89ba2d97538 100644 --- a/2017/4xxx/CVE-2017-4745.json +++ b/2017/4xxx/CVE-2017-4745.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4745", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4745", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4880.json b/2017/4xxx/CVE-2017-4880.json index d5554ec96ff..88f6ccd390f 100644 --- a/2017/4xxx/CVE-2017-4880.json +++ b/2017/4xxx/CVE-2017-4880.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4880", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4880", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18379.json b/2018/18xxx/CVE-2018-18379.json index 5034d4c4e7f..8b32d268767 100644 --- a/2018/18xxx/CVE-2018-18379.json +++ b/2018/18xxx/CVE-2018-18379.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18379", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18379", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5378.json b/2018/5xxx/CVE-2018-5378.json index 23b372fbc87..ebabc3baa11 100644 --- a/2018/5xxx/CVE-2018-5378.json +++ b/2018/5xxx/CVE-2018-5378.json @@ -1,109 +1,109 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "DATE_PUBLIC" : "2018-02-15T00:00:00.000Z", - "ID" : "CVE-2018-5378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "bgpd", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "bpgd", - "version_value" : "1.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "Quagga" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 5.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2018-02-15T00:00:00.000Z", + "ID": "CVE-2018-5378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "bgpd", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "bpgd", + "version_value": "1.2.3" + } + ] + } + } + ] + }, + "vendor_name": "Quagga" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://savannah.nongnu.org/forum/forum.php?forum_id=9095", - "refsource" : "CONFIRM", - "url" : "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" - }, - { - "name" : "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt", - "refsource" : "CONFIRM", - "url" : "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt" - }, - { - "name" : "DSA-4115", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4115" - }, - { - "name" : "GLSA-201804-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-17" - }, - { - "name" : "USN-3573-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3573-1/" - }, - { - "name" : "VU#940439", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/940439" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt", + "refsource": "CONFIRM", + "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt" + }, + { + "name": "USN-3573-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3573-1/" + }, + { + "name": "DSA-4115", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4115" + }, + { + "name": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095", + "refsource": "CONFIRM", + "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" + }, + { + "name": "GLSA-201804-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-17" + }, + { + "name": "VU#940439", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/940439" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5507.json b/2018/5xxx/CVE-2018-5507.json index 8cc8d7ea80f..01fd3cae978 100644 --- a/2018/5xxx/CVE-2018-5507.json +++ b/2018/5xxx/CVE-2018-5507.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2018-04-12T00:00:00", - "ID" : "CVE-2018-5507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0" - }, - { - "version_value" : "12.1.0-12.1.3.1" - }, - { - "version_value" : "11.6.1-11.6.2" - }, - { - "version_value" : "11.5.1-11.5.5" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2018-04-12T00:00:00", + "ID": "CVE-2018-5507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)", + "version": { + "version_data": [ + { + "version_value": "13.0.0" + }, + { + "version_value": "12.1.0-12.1.3.1" + }, + { + "version_value": "11.6.1-11.6.2" + }, + { + "version_value": "11.5.1-11.5.5" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K52521791", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K52521791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K52521791", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K52521791" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5789.json b/2018/5xxx/CVE-2018-5789.json index a0c7552d18a..b3dc2ca4ed3 100644 --- a/2018/5xxx/CVE-2018-5789.json +++ b/2018/5xxx/CVE-2018-5789.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003", - "refsource" : "CONFIRM", - "url" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003", + "refsource": "CONFIRM", + "url": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003" + } + ] + } +} \ No newline at end of file