From c63ce1c781030f5b7ce87c50d08446f0ab1971f6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:55:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0451.json | 130 +++++++------- 2001/0xxx/CVE-2001-0613.json | 140 +++++++-------- 2001/0xxx/CVE-2001-0720.json | 150 ++++++++-------- 2001/0xxx/CVE-2001-0724.json | 140 +++++++-------- 2001/0xxx/CVE-2001-0946.json | 150 ++++++++-------- 2001/0xxx/CVE-2001-0967.json | 130 +++++++------- 2001/1xxx/CVE-2001-1174.json | 150 ++++++++-------- 2001/1xxx/CVE-2001-1194.json | 150 ++++++++-------- 2001/1xxx/CVE-2001-1367.json | 140 +++++++-------- 2006/2xxx/CVE-2006-2004.json | 170 +++++++++--------- 2006/2xxx/CVE-2006-2884.json | 180 +++++++++---------- 2006/2xxx/CVE-2006-2886.json | 140 +++++++-------- 2008/5xxx/CVE-2008-5215.json | 150 ++++++++-------- 2008/5xxx/CVE-2008-5528.json | 150 ++++++++-------- 2008/5xxx/CVE-2008-5902.json | 140 +++++++-------- 2008/5xxx/CVE-2008-5991.json | 150 ++++++++-------- 2011/2xxx/CVE-2011-2022.json | 190 ++++++++++----------- 2011/2xxx/CVE-2011-2088.json | 160 ++++++++--------- 2011/2xxx/CVE-2011-2638.json | 140 +++++++-------- 2011/2xxx/CVE-2011-2670.json | 34 ++-- 2011/2xxx/CVE-2011-2687.json | 210 +++++++++++------------ 2011/2xxx/CVE-2011-2882.json | 130 +++++++------- 2011/2xxx/CVE-2011-2988.json | 190 ++++++++++----------- 2011/3xxx/CVE-2011-3582.json | 34 ++-- 2011/3xxx/CVE-2011-3761.json | 150 ++++++++-------- 2011/3xxx/CVE-2011-3861.json | 120 ++++++------- 2011/3xxx/CVE-2011-3950.json | 130 +++++++------- 2013/0xxx/CVE-2013-0015.json | 140 +++++++-------- 2013/0xxx/CVE-2013-0274.json | 180 +++++++++---------- 2013/0xxx/CVE-2013-0338.json | 240 +++++++++++++------------- 2013/0xxx/CVE-2013-0618.json | 190 ++++++++++----------- 2013/1xxx/CVE-2013-1668.json | 180 +++++++++---------- 2013/1xxx/CVE-2013-1789.json | 210 +++++++++++------------ 2013/1xxx/CVE-2013-1942.json | 190 ++++++++++----------- 2013/4xxx/CVE-2013-4223.json | 170 +++++++++--------- 2013/5xxx/CVE-2013-5329.json | 160 ++++++++--------- 2013/5xxx/CVE-2013-5385.json | 150 ++++++++-------- 2013/5xxx/CVE-2013-5478.json | 120 ++++++------- 2013/5xxx/CVE-2013-5952.json | 160 ++++++++--------- 2014/2xxx/CVE-2014-2225.json | 34 ++-- 2017/0xxx/CVE-2017-0292.json | 140 +++++++-------- 2017/1000xxx/CVE-2017-1000020.json | 124 +++++++------- 2017/1000xxx/CVE-2017-1000477.json | 134 +++++++-------- 2017/12xxx/CVE-2017-12985.json | 180 +++++++++---------- 2017/13xxx/CVE-2017-13672.json | 210 +++++++++++------------ 2017/16xxx/CVE-2017-16006.json | 132 +++++++------- 2017/16xxx/CVE-2017-16422.json | 34 ++-- 2017/4xxx/CVE-2017-4031.json | 34 ++-- 2017/4xxx/CVE-2017-4220.json | 34 ++-- 2017/4xxx/CVE-2017-4249.json | 34 ++-- 2017/4xxx/CVE-2017-4828.json | 34 ++-- 2018/18xxx/CVE-2018-18813.json | 266 ++++++++++++++--------------- 2018/5xxx/CVE-2018-5041.json | 130 +++++++------- 2018/5xxx/CVE-2018-5046.json | 140 +++++++-------- 2018/5xxx/CVE-2018-5804.json | 150 ++++++++-------- 2018/5xxx/CVE-2018-5809.json | 150 ++++++++-------- 56 files changed, 3949 insertions(+), 3949 deletions(-) diff --git a/2001/0xxx/CVE-2001-0451.json b/2001/0xxx/CVE-2001-0451.json index 35a1c5f5297..42c6c1faeaa 100644 --- a/2001/0xxx/CVE-2001-0451.json +++ b/2001/0xxx/CVE-2001-0451.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010307 INDEXU Authentication By-Pass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/167172" - }, - { - "name" : "indexu-gain-access(6202)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010307 INDEXU Authentication By-Pass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/167172" + }, + { + "name": "indexu-gain-access(6202)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6202" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0613.json b/2001/0xxx/CVE-2001-0613.json index 6d3996f4845..70da8884be9 100644 --- a/2001/0xxx/CVE-2001-0613.json +++ b/2001/0xxx/CVE-2001-0613.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010515 OmniHTTPd Pro Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html" - }, - { - "name" : "omnihttpd-post-dos(6540)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6540" - }, - { - "name" : "2730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2730" + }, + { + "name": "omnihttpd-post-dos(6540)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6540" + }, + { + "name": "20010515 OmniHTTPd Pro Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0720.json b/2001/0xxx/CVE-2001-0720.json index fbbc41f6b65..06e550d99c6 100644 --- a/2001/0xxx/CVE-2001-0720.json +++ b/2001/0xxx/CVE-2001-0720.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-053", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-053" - }, - { - "name" : "M-013", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-013.shtml" - }, - { - "name" : "ie-mac-downloaded-file-execution(7336)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7336" - }, - { - "name" : "3471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-053", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-053" + }, + { + "name": "ie-mac-downloaded-file-execution(7336)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7336" + }, + { + "name": "M-013", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-013.shtml" + }, + { + "name": "3471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3471" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0724.json b/2001/0xxx/CVE-2001-0724.json index a2856e28425..91a38d77ad2 100644 --- a/2001/0xxx/CVE-2001-0724.json +++ b/2001/0xxx/CVE-2001-0724.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the \"Zone Spoofing Vulnerability variant\" of CVE-2001-0664." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-055", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-055" - }, - { - "name" : "5556", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5556" - }, - { - "name" : "ie-incorrect-security-zone-variant(8471)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the \"Zone Spoofing Vulnerability variant\" of CVE-2001-0664." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5556", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5556" + }, + { + "name": "MS01-055", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-055" + }, + { + "name": "ie-incorrect-security-zone-variant(8471)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8471" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0946.json b/2001/0xxx/CVE-2001-0946.json index cf70d756fc5..aacd7e4a056 100644 --- a/2001/0xxx/CVE-2001-0946.json +++ b/2001/0xxx/CVE-2001-0946.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "apmscript in Apmd in Red Hat 7.2 \"Enigma\" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011204 Symlink attack with apmd of RH 7.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100743394701962&w=2" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389" - }, - { - "name" : "apmd-apmscript-symlink(8268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8268" - }, - { - "name" : "5493", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "apmscript in Apmd in Red Hat 7.2 \"Enigma\" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apmd-apmscript-symlink(8268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8268" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389" + }, + { + "name": "20011204 Symlink attack with apmd of RH 7.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100743394701962&w=2" + }, + { + "name": "5493", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5493" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0967.json b/2001/0xxx/CVE-2001-0967.json index 3204a11a1f2..8a317731e28 100644 --- a/2001/0xxx/CVE-2001-0967.json +++ b/2001/0xxx/CVE-2001-0967.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010817 Arkeia Possible remote root & information leakage", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html" - }, - { - "name" : "3204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3204" + }, + { + "name": "20010817 Arkeia Possible remote root & information leakage", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1174.json b/2001/1xxx/CVE-2001-1174.json index c5cabd25093..38e19495e0f 100644 --- a/2001/1xxx/CVE-2001-1174.json +++ b/2001/1xxx/CVE-2001-1174.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2001:091", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-091.html" - }, - { - "name" : "MDKSA-2001:067", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-067.php" - }, - { - "name" : "elm-messageid-bo(6852)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6852" - }, - { - "name" : "5451", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5451", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5451" + }, + { + "name": "RHSA-2001:091", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-091.html" + }, + { + "name": "elm-messageid-bo(6852)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6852" + }, + { + "name": "MDKSA-2001:067", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-067.php" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1194.json b/2001/1xxx/CVE-2001-1194.json index 47153413d33..d9114dab676 100644 --- a/2001/1xxx/CVE-2001-1194.json +++ b/2001/1xxx/CVE-2001-1194.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011214 Zyxel Prestige 681 and 1600 (possibly other?) remote DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-12/0140.html" - }, - { - "name" : "20011218 Re: Zyxel Prestige 681 and 1600 (possibly other?) remote DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-12/0190.html" - }, - { - "name" : "3695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3695" - }, - { - "name" : "prestige-dsl-packet-length-dos(7704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011218 Re: Zyxel Prestige 681 and 1600 (possibly other?) remote DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0190.html" + }, + { + "name": "prestige-dsl-packet-length-dos(7704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7704" + }, + { + "name": "20011214 Zyxel Prestige 681 and 1600 (possibly other?) remote DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0140.html" + }, + { + "name": "3695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3695" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1367.json b/2001/1xxx/CVE-2001-1367.json index 5a9c40e5ff0..80dbc8d26c8 100644 --- a/2001/1xxx/CVE-2001-1367.json +++ b/2001/1xxx/CVE-2001-1367.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phpslice.org/comments.php?aid=1031&", - "refsource" : "CONFIRM", - "url" : "http://phpslice.org/comments.php?aid=1031&" - }, - { - "name" : "20010719 [VulnWatch] Changelog maddness (14 various broken apps)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html" - }, - { - "name" : "phpslice-checkaccess-function-privileges(9649)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010719 [VulnWatch] Changelog maddness (14 various broken apps)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html" + }, + { + "name": "http://phpslice.org/comments.php?aid=1031&", + "refsource": "CONFIRM", + "url": "http://phpslice.org/comments.php?aid=1031&" + }, + { + "name": "phpslice-checkaccess-function-privileges(9649)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9649" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2004.json b/2006/2xxx/CVE-2006-2004.json index b97ed2a0b08..2d393943116 100644 --- a/2006/2xxx/CVE-2006-2004.json +++ b/2006/2xxx/CVE-2006-2004.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060423 RIblog Remote SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431868/100/0/threaded" - }, - { - "name" : "http://colander.altervista.org/advisory/riblog.txt", - "refsource" : "MISC", - "url" : "http://colander.altervista.org/advisory/riblog.txt" - }, - { - "name" : "17654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17654" - }, - { - "name" : "ADV-2006-1489", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1489" - }, - { - "name" : "19783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19783" - }, - { - "name" : "riblog-login-sql-injection(26132)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1489", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1489" + }, + { + "name": "17654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17654" + }, + { + "name": "20060423 RIblog Remote SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431868/100/0/threaded" + }, + { + "name": "http://colander.altervista.org/advisory/riblog.txt", + "refsource": "MISC", + "url": "http://colander.altervista.org/advisory/riblog.txt" + }, + { + "name": "19783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19783" + }, + { + "name": "riblog-login-sql-injection(26132)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26132" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2884.json b/2006/2xxx/CVE-2006-2884.json index 396685c483f..18f7f44434d 100644 --- a/2006/2xxx/CVE-2006-2884.json +++ b/2006/2xxx/CVE-2006-2884.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060605 Kmita FAQ v1.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435982/100/0/threaded" - }, - { - "name" : "18282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18282" - }, - { - "name" : "ADV-2006-2165", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2165" - }, - { - "name" : "1016226", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016226" - }, - { - "name" : "20471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20471" - }, - { - "name" : "1055", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1055" - }, - { - "name" : "kmitafaq-index-sql-injection(26987)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20471" + }, + { + "name": "kmitafaq-index-sql-injection(26987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26987" + }, + { + "name": "20060605 Kmita FAQ v1.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435982/100/0/threaded" + }, + { + "name": "ADV-2006-2165", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2165" + }, + { + "name": "1016226", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016226" + }, + { + "name": "1055", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1055" + }, + { + "name": "18282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18282" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2886.json b/2006/2xxx/CVE-2006-2886.json index 0a55cb51cd6..84b8fce6431 100644 --- a/2006/2xxx/CVE-2006-2886.json +++ b/2006/2xxx/CVE-2006-2886.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html" - }, - { - "name" : "26297", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26297" - }, - { - "name" : "knowledgetree-view-path-disclosure(26943)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "knowledgetree-view-path-disclosure(26943)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26943" + }, + { + "name": "26297", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26297" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5215.json b/2008/5xxx/CVE-2008-5215.json index 64f02a4508b..fda401bd8bc 100644 --- a/2008/5xxx/CVE-2008-5215.json +++ b/2008/5xxx/CVE-2008-5215.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5595", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5595" - }, - { - "name" : "29156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29156" - }, - { - "name" : "4628", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4628" - }, - { - "name" : "clanlite-profil-sql-injection(42330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4628", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4628" + }, + { + "name": "29156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29156" + }, + { + "name": "clanlite-profil-sql-injection(42330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42330" + }, + { + "name": "5595", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5595" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5528.json b/2008/5xxx/CVE-2008-5528.json index d16f5ba7df6..f6943535ca9 100644 --- a/2008/5xxx/CVE-2008-5528.json +++ b/2008/5xxx/CVE-2008-5528.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded" - }, - { - "name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded" - }, - { - "name" : "4723", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4723" - }, - { - "name" : "multiple-antivirus-mzheader-code-execution(47435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "multiple-antivirus-mzheader-code-execution(47435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" + }, + { + "name": "4723", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4723" + }, + { + "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded" + }, + { + "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5902.json b/2008/5xxx/CVE-2008-5902.json index 43fdfd5c53e..48213ee3407 100644 --- a/2008/5xxx/CVE-2008-5902.json +++ b/2008/5xxx/CVE-2008-5902.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090112 CVE request: xrdp", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/01/12/3" - }, - { - "name" : "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf" - }, - { - "name" : "SUSE-SR:2009:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2009:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" + }, + { + "name": "[oss-security] 20090112 CVE request: xrdp", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/01/12/3" + }, + { + "name": "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5991.json b/2008/5xxx/CVE-2008-5991.json index 1ee262231e3..d33fcb5f35c 100644 --- a/2008/5xxx/CVE-2008-5991.json +++ b/2008/5xxx/CVE-2008-5991.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6552", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6552" - }, - { - "name" : "31378", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31378" - }, - { - "name" : "31994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31994" - }, - { - "name" : "mailwatch-docs-file-include(45393)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31378", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31378" + }, + { + "name": "6552", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6552" + }, + { + "name": "31994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31994" + }, + { + "name": "mailwatch-docs-file-include(45393)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45393" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2022.json b/2011/2xxx/CVE-2011-2022.json index b66f5c29bb3..e9dd58d8657 100644 --- a/2011/2xxx/CVE-2011-2022.json +++ b/2011/2xxx/CVE-2011-2022.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20110414 [PATCH] char: agp: fix arbitrary kernel memory writes", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2011/4/14/293" - }, - { - "name" : "[oss-security] 20110421 CVE request: kernel: buffer overflow and DoS issues in agp", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/21/4" - }, - { - "name" : "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/22/7" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=194b3da873fd334ef183806db751473512af29ce", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=194b3da873fd334ef183806db751473512af29ce" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=698996", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=698996" - }, - { - "name" : "RHSA-2011:0927", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-0927.html" - }, - { - "name" : "47843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:0927", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html" + }, + { + "name": "[oss-security] 20110421 CVE request: kernel: buffer overflow and DoS issues in agp", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/21/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=698996", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=698996" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=194b3da873fd334ef183806db751473512af29ce", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=194b3da873fd334ef183806db751473512af29ce" + }, + { + "name": "[linux-kernel] 20110414 [PATCH] char: agp: fix arbitrary kernel memory writes", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2011/4/14/293" + }, + { + "name": "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/22/7" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5" + }, + { + "name": "47843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47843" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2088.json b/2011/2xxx/CVE-2011-2088.json index 29dcd86520e..959f1c16d25 100644 --- a/2011/2xxx/CVE-2011-2088.json +++ b/2011/2xxx/CVE-2011-2088.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518066/100/0/threaded" - }, - { - "name" : "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html", - "refsource" : "MISC", - "url" : "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html" - }, - { - "name" : "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html", - "refsource" : "MISC", - "url" : "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html" - }, - { - "name" : "http://www.ventuneac.net/security-advisories/MVSA-11-006", - "refsource" : "MISC", - "url" : "http://www.ventuneac.net/security-advisories/MVSA-11-006" - }, - { - "name" : "https://issues.apache.org/jira/browse/WW-3579", - "refsource" : "MISC", - "url" : "https://issues.apache.org/jira/browse/WW-3579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/WW-3579", + "refsource": "MISC", + "url": "https://issues.apache.org/jira/browse/WW-3579" + }, + { + "name": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html", + "refsource": "MISC", + "url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html" + }, + { + "name": "http://www.ventuneac.net/security-advisories/MVSA-11-006", + "refsource": "MISC", + "url": "http://www.ventuneac.net/security-advisories/MVSA-11-006" + }, + { + "name": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html", + "refsource": "MISC", + "url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html" + }, + { + "name": "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2638.json b/2011/2xxx/CVE-2011-2638.json index 7c7d4595f7c..cea34afead5 100644 --- a/2011/2xxx/CVE-2011-2638.json +++ b/2011/2xxx/CVE-2011-2638.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1110/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1110/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1110/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1110/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1110/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1110/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2670.json b/2011/2xxx/CVE-2011-2670.json index a8c8baef61b..bfe07c7ea73 100644 --- a/2011/2xxx/CVE-2011-2670.json +++ b/2011/2xxx/CVE-2011-2670.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2670", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2670", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2687.json b/2011/2xxx/CVE-2011-2687.json index 512cf1986e9..f84cfd3de77 100644 --- a/2011/2xxx/CVE-2011-2687.json +++ b/2011/2xxx/CVE-2011-2687.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110711 CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/11/2" - }, - { - "name" : "[oss-security] 20110712 Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/12/16" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385" - }, - { - "name" : "http://drupal.org/node/1204582", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1204582" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=717874", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=717874" - }, - { - "name" : "FEDORA-2011-8878", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062722.html" - }, - { - "name" : "FEDORA-2011-8879", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062714.html" - }, - { - "name" : "48505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48505" - }, - { - "name" : "45081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45081" - }, - { - "name" : "45291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-8879", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062714.html" + }, + { + "name": "45081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45081" + }, + { + "name": "48505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48505" + }, + { + "name": "FEDORA-2011-8878", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062722.html" + }, + { + "name": "http://drupal.org/node/1204582", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1204582" + }, + { + "name": "[oss-security] 20110712 Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/12/16" + }, + { + "name": "[oss-security] 20110711 CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/11/2" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=717874", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717874" + }, + { + "name": "45291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45291" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2882.json b/2011/2xxx/CVE-2011-2882.json index 392d8db5719..c32e292709b 100644 --- a/2011/2xxx/CVE-2011-2882.json +++ b/2011/2xxx/CVE-2011-2882.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110714 Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=929" - }, - { - "name" : "8358", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8358", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8358" + }, + { + "name": "20110714 Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=929" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2988.json b/2011/2xxx/CVE-2011-2988.json index 34c66291c8a..bb7e60c9ec2 100644 --- a/2011/2xxx/CVE-2011-2988.json +++ b/2011/2xxx/CVE-2011-2988.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665936", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665936" - }, - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html" - }, - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html" - }, - { - "name" : "SUSE-SA:2011:037", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" - }, - { - "name" : "49242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49242" - }, - { - "name" : "oval:org.mitre.oval:def:14270", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14270" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html" + }, + { + "name": "oval:org.mitre.oval:def:14270", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14270" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html" + }, + { + "name": "SUSE-SA:2011:037", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "49242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49242" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=665936", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665936" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3582.json b/2011/3xxx/CVE-2011-3582.json index f2b8924ca15..2d0a1b22181 100644 --- a/2011/3xxx/CVE-2011-3582.json +++ b/2011/3xxx/CVE-2011-3582.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3582", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3582", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3761.json b/2011/3xxx/CVE-2011-3761.json index e8a04b74250..c23c2067785 100644 --- a/2011/3xxx/CVE-2011-3761.json +++ b/2011/3xxx/CVE-2011-3761.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/NuSOAP", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/NuSOAP" - }, - { - "name" : "nusoap-classwsdl-path-disclosure(70611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/NuSOAP", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/NuSOAP" + }, + { + "name": "nusoap-classwsdl-path-disclosure(70611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70611" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3861.json b/2011/3xxx/CVE-2011-3861.json index d616595d31b..1190db4e521 100644 --- a/2011/3xxx/CVE-2011-3861.json +++ b/2011/3xxx/CVE-2011-3861.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sitewat.ch/en/Advisories/19", - "refsource" : "MISC", - "url" : "https://sitewat.ch/en/Advisories/19" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sitewat.ch/en/Advisories/19", + "refsource": "MISC", + "url": "https://sitewat.ch/en/Advisories/19" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3950.json b/2011/3xxx/CVE-2011-3950.json index be819822b41..cd6fe057314 100644 --- a/2011/3xxx/CVE-2011-3950.json +++ b/2011/3xxx/CVE-2011-3950.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813" + }, + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0015.json b/2013/0xxx/CVE-2013-0015.json index 05ca1e27922..19a0ecf3ee1 100644 --- a/2013/0xxx/CVE-2013-0015.json +++ b/2013/0xxx/CVE-2013-0015.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka \"Shift JIS Character Encoding Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16371", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka \"Shift JIS Character Encoding Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009" + }, + { + "name": "oval:org.mitre.oval:def:16371", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16371" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0274.json b/2013/0xxx/CVE-2013-0274.json index 534b2cc31ce..65e0cea7a39 100644 --- a/2013/0xxx/CVE-2013-0274.json +++ b/2013/0xxx/CVE-2013-0274.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3", - "refsource" : "CONFIRM", - "url" : "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3" - }, - { - "name" : "http://www.pidgin.im/news/security/?id=68", - "refsource" : "CONFIRM", - "url" : "http://www.pidgin.im/news/security/?id=68" - }, - { - "name" : "SUSE-SU-2013:0388", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:0405", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" - }, - { - "name" : "openSUSE-SU-2013:0407", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" - }, - { - "name" : "USN-1746-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1746-1" - }, - { - "name" : "oval:org.mitre.oval:def:18221", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0388", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" + }, + { + "name": "http://www.pidgin.im/news/security/?id=68", + "refsource": "CONFIRM", + "url": "http://www.pidgin.im/news/security/?id=68" + }, + { + "name": "USN-1746-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1746-1" + }, + { + "name": "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3", + "refsource": "CONFIRM", + "url": "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3" + }, + { + "name": "openSUSE-SU-2013:0405", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" + }, + { + "name": "openSUSE-SU-2013:0407", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" + }, + { + "name": "oval:org.mitre.oval:def:18221", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0338.json b/2013/0xxx/CVE-2013-0338.json index eb5a6b8cbec..b0961d701db 100644 --- a/2013/0xxx/CVE-2013-0338.json +++ b/2013/0xxx/CVE-2013-0338.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=912400", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=912400" - }, - { - "name" : "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "DSA-2652", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2652" - }, - { - "name" : "HPSBGN03302", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142798889927587&w=2" - }, - { - "name" : "SSRT101996", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142798889927587&w=2" - }, - { - "name" : "MDVSA-2013:056", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056" - }, - { - "name" : "openSUSE-SU-2013:0552", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html" - }, - { - "name" : "openSUSE-SU-2013:0555", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html" - }, - { - "name" : "SUSE-SU-2013:1627", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" - }, - { - "name" : "USN-1782-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1782-1" - }, - { - "name" : "52662", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52662" - }, - { - "name" : "55568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52662", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52662" + }, + { + "name": "openSUSE-SU-2013:0555", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html" + }, + { + "name": "SUSE-SU-2013:1627", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=912400", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400" + }, + { + "name": "openSUSE-SU-2013:0552", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html" + }, + { + "name": "SSRT101996", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "DSA-2652", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2652" + }, + { + "name": "HPSBGN03302", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2" + }, + { + "name": "55568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55568" + }, + { + "name": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab" + }, + { + "name": "USN-1782-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1782-1" + }, + { + "name": "MDVSA-2013:056", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0618.json b/2013/0xxx/CVE-2013-0618.json index ec41206dba2..60bf304cb94 100644 --- a/2013/0xxx/CVE-2013-0618.json +++ b/2013/0xxx/CVE-2013-0618.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a \"logic error,\" a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-0618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0150", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0150.html" - }, - { - "name" : "SUSE-SU-2013:0044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" - }, - { - "name" : "SUSE-SU-2013:0047", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" - }, - { - "name" : "openSUSE-SU-2013:0193", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" - }, - { - "name" : "oval:org.mitre.oval:def:15822", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a \"logic error,\" a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:15822", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15822" + }, + { + "name": "SUSE-SU-2013:0047", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" + }, + { + "name": "openSUSE-SU-2013:0193", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" + }, + { + "name": "openSUSE-SU-2013:0138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-02.html" + }, + { + "name": "RHSA-2013:0150", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0150.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1668.json b/2013/1xxx/CVE-2013-1668.json index 25b5749f43f..81cdcd3b776 100644 --- a/2013/1xxx/CVE-2013-1668.json +++ b/2013/1xxx/CVE-2013-1668.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130306 OS Command Injection in CosCms", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-03/0033.html" - }, - { - "name" : "24629", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24629" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23145", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23145" - }, - { - "name" : "http://www.coscms.org/blog/view/4/Version-1.822", - "refsource" : "CONFIRM", - "url" : "http://www.coscms.org/blog/view/4/Version-1.822" - }, - { - "name" : "https://github.com/diversen/gallery/commit/7d58f870e8edc6597485dd1b80ea9fb78580190c", - "refsource" : "CONFIRM", - "url" : "https://github.com/diversen/gallery/commit/7d58f870e8edc6597485dd1b80ea9fb78580190c" - }, - { - "name" : "58332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58332" - }, - { - "name" : "90927", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "90927", + "refsource": "OSVDB", + "url": "http://osvdb.org/90927" + }, + { + "name": "http://www.coscms.org/blog/view/4/Version-1.822", + "refsource": "CONFIRM", + "url": "http://www.coscms.org/blog/view/4/Version-1.822" + }, + { + "name": "58332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58332" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23145", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23145" + }, + { + "name": "20130306 OS Command Injection in CosCms", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0033.html" + }, + { + "name": "24629", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24629" + }, + { + "name": "https://github.com/diversen/gallery/commit/7d58f870e8edc6597485dd1b80ea9fb78580190c", + "refsource": "CONFIRM", + "url": "https://github.com/diversen/gallery/commit/7d58f870e8edc6597485dd1b80ea9fb78580190c" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1789.json b/2013/1xxx/CVE-2013-1789.json index 3be253393e4..980c4078cad 100644 --- a/2013/1xxx/CVE-2013-1789.json +++ b/2013/1xxx/CVE-2013-1789.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/28/4" - }, - { - "name" : "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/28/8" - }, - { - "name" : "http://j00ru.vexillium.org/?p=1507", - "refsource" : "MISC", - "url" : "http://j00ru.vexillium.org/?p=1507" - }, - { - "name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec" - }, - { - "name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=917109", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=917109" - }, - { - "name" : "FEDORA-2013-3457", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html" - }, - { - "name" : "FEDORA-2013-3473", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html" - }, - { - "name" : "USN-1785-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1785-1" - }, - { - "name" : "52846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2013-3457", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html" + }, + { + "name": "FEDORA-2013-3473", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html" + }, + { + "name": "USN-1785-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1785-1" + }, + { + "name": "http://j00ru.vexillium.org/?p=1507", + "refsource": "MISC", + "url": "http://j00ru.vexillium.org/?p=1507" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=917109", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917109" + }, + { + "name": "52846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52846" + }, + { + "name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/28/8" + }, + { + "name": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec" + }, + { + "name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/28/4" + }, + { + "name": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1942.json b/2013/1xxx/CVE-2013-1942.json index 686eb16c6a7..aa602b6103d 100644 --- a/2013/1xxx/CVE-2013-1942.json +++ b/2013/1xxx/CVE-2013-1942.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130421 Vulnerabilities in jPlayer", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Apr/192" - }, - { - "name" : "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=136570964825921&w=2" - }, - { - "name" : "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=136726705917858&w=2" - }, - { - "name" : "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=136773622321563&w=2" - }, - { - "name" : "http://www.jplayer.org/2.3.0/release-notes/", - "refsource" : "CONFIRM", - "url" : "http://www.jplayer.org/2.3.0/release-notes/" - }, - { - "name" : "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d", - "refsource" : "CONFIRM", - "url" : "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d" - }, - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-014/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-014/" - }, - { - "name" : "59030", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59030", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59030" + }, + { + "name": "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=136773622321563&w=2" + }, + { + "name": "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=136570964825921&w=2" + }, + { + "name": "http://www.jplayer.org/2.3.0/release-notes/", + "refsource": "CONFIRM", + "url": "http://www.jplayer.org/2.3.0/release-notes/" + }, + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2013-014/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-014/" + }, + { + "name": "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d", + "refsource": "CONFIRM", + "url": "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d" + }, + { + "name": "20130421 Vulnerabilities in jPlayer", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Apr/192" + }, + { + "name": "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=136726705917858&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4223.json b/2013/4xxx/CVE-2013-4223.json index f940634b376..bd0fe34aefd 100644 --- a/2013/4xxx/CVE-2013-4223.json +++ b/2013/4xxx/CVE-2013-4223.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130809 Re: CVE request: nullmailer world readable /etc/nullmailer/remotes", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q3/337" - }, - { - "name" : "[oss-security] 20130809 Re: CVE request: nullmailer world readable /etc/nullmailer/remotes", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q3/339" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=480376", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=480376" - }, - { - "name" : "61743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61743" - }, - { - "name" : "96177", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96177" - }, - { - "name" : "nullmailer-cve20134223-insecure-permissions(86384)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130809 Re: CVE request: nullmailer world readable /etc/nullmailer/remotes", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q3/337" + }, + { + "name": "nullmailer-cve20134223-insecure-permissions(86384)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86384" + }, + { + "name": "[oss-security] 20130809 Re: CVE request: nullmailer world readable /etc/nullmailer/remotes", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q3/339" + }, + { + "name": "61743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61743" + }, + { + "name": "96177", + "refsource": "OSVDB", + "url": "http://osvdb.org/96177" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=480376", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=480376" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5329.json b/2013/5xxx/CVE-2013-5329.json index 92540e5e127..e4cec0a6d3a 100644 --- a/2013/5xxx/CVE-2013-5329.json +++ b/2013/5xxx/CVE-2013-5329.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5330." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-5329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-26.html" - }, - { - "name" : "RHSA-2013:1518", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1518.html" - }, - { - "name" : "SUSE-SU-2013:1716", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00015.html" - }, - { - "name" : "openSUSE-SU-2013:1717", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00016.html" - }, - { - "name" : "openSUSE-SU-2013:1737", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00019.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5330." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1518", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1518.html" + }, + { + "name": "SUSE-SU-2013:1716", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00015.html" + }, + { + "name": "openSUSE-SU-2013:1717", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00016.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-26.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-26.html" + }, + { + "name": "openSUSE-SU-2013:1737", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00019.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5385.json b/2013/5xxx/CVE-2013-5385.json index 0a70a826986..c0d97cdbbb3 100644 --- a/2013/5xxx/CVE-2013-5385.json +++ b/2013/5xxx/CVE-2013-5385.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/BLUU-985QTG", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/BLUU-985QTG" - }, - { - "name" : "VU#229804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/229804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716" + }, + { + "name": "VU#229804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/229804" + }, + { + "name": "http://www.kb.cert.org/vuls/id/BLUU-985QTG", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/BLUU-985QTG" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5478.json b/2013/5xxx/CVE-2013-5478.json index 684079d05c2..1b63b21df83 100644 --- a/2013/5xxx/CVE-2013-5478.json +++ b/2013/5xxx/CVE-2013-5478.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130925 Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130925 Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5952.json b/2013/5xxx/CVE-2013-5952.json index 356a0bb4de1..bb45241eba7 100644 --- a/2013/5xxx/CVE-2013-5952.json +++ b/2013/5xxx/CVE-2013-5952.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140315 [CVE-2013-5952] Multiple Cross Site Scripting Vulnerabilities in Freichat", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2014-03/0275.html" - }, - { - "name" : "http://packetstormsecurity.com/files/125737", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125737" - }, - { - "name" : "66254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66254" - }, - { - "name" : "57361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57361" - }, - { - "name" : "freichat-cve20135952-xss(91824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57361" + }, + { + "name": "http://packetstormsecurity.com/files/125737", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125737" + }, + { + "name": "66254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66254" + }, + { + "name": "20140315 [CVE-2013-5952] Multiple Cross Site Scripting Vulnerabilities in Freichat", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-03/0275.html" + }, + { + "name": "freichat-cve20135952-xss(91824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91824" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2225.json b/2014/2xxx/CVE-2014-2225.json index 13005a3c1d8..5a03be01518 100644 --- a/2014/2xxx/CVE-2014-2225.json +++ b/2014/2xxx/CVE-2014-2225.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2225", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2225", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0292.json b/2017/0xxx/CVE-2017-0292.json index 5cedee95928..d020097fd6e 100644 --- a/2017/0xxx/CVE-2017-0292.json +++ b/2017/0xxx/CVE-2017-0292.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows PDF", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka \"Windows PDF Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0291." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows PDF", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292" - }, - { - "name" : "98836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98836" - }, - { - "name" : "1038678", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka \"Windows PDF Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0291." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98836" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292" + }, + { + "name": "1038678", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038678" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000020.json b/2017/1000xxx/CVE-2017-1000020.json index 09e28207ce5..a0c8605385d 100644 --- a/2017/1000xxx/CVE-2017-1000020.json +++ b/2017/1000xxx/CVE-2017-1000020.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.271028", - "ID" : "CVE-2017-1000020", - "REQUESTER" : "niteshvai67@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "eCos Embedded - SOHO Routers manufactured by TOTOLINK, GREATEK and others.", - "version" : { - "version_data" : [ - { - "version_value" : "1 and other" - } - ] - } - } - ] - }, - "vendor_name" : "ECos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. \"eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.271028", + "ID": "CVE-2017-1000020", + "REQUESTER": "niteshvai67@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ecos.sourceware.org/ecos/problemreport.html", - "refsource" : "MISC", - "url" : "http://ecos.sourceware.org/ecos/problemreport.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. \"eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ecos.sourceware.org/ecos/problemreport.html", + "refsource": "MISC", + "url": "http://ecos.sourceware.org/ecos/problemreport.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000477.json b/2017/1000xxx/CVE-2017-1000477.json index d08e3f17f32..4b58d04035b 100644 --- a/2017/1000xxx/CVE-2017-1000477.json +++ b/2017/1000xxx/CVE-2017-1000477.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000477", - "REQUESTER" : "sajeeb.lohani@bulletproof.sh", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "XMLBundle", - "version" : { - "version_data" : [ - { - "version_value" : "0.1.7" - } - ] - } - } - ] - }, - "vendor_name" : "XMLBundle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000477", + "REQUESTER": "sajeeb.lohani@bulletproof.sh", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pravednik/xmlBundle", - "refsource" : "MISC", - "url" : "https://github.com/pravednik/xmlBundle" - }, - { - "name" : "https://github.com/pravednik/xmlBundle/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/pravednik/xmlBundle/issues/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pravednik/xmlBundle", + "refsource": "MISC", + "url": "https://github.com/pravednik/xmlBundle" + }, + { + "name": "https://github.com/pravednik/xmlBundle/issues/2", + "refsource": "MISC", + "url": "https://github.com/pravednik/xmlBundle/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12985.json b/2017/12xxx/CVE-2017-12985.json index 10d34c9cfa6..cd3785e3d55 100644 --- a/2017/12xxx/CVE-2017-12985.json +++ b/2017/12xxx/CVE-2017-12985.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/66df248b49095c261138b5a5e34d341a6bf9ac7f", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/66df248b49095c261138b5a5e34d341a6bf9ac7f" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/66df248b49095c261138b5a5e34d341a6bf9ac7f", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/66df248b49095c261138b5a5e34d341a6bf9ac7f" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13672.json b/2017/13xxx/CVE-2017-13672.json index 40cfc8b52b8..0a48753ce8e 100644 --- a/2017/13xxx/CVE-2017-13672.json +++ b/2017/13xxx/CVE-2017-13672.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170830 CVE-2017-13672 Qemu: vga: OOB read access during display update", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/08/30/3" - }, - { - "name" : "[qemu-devel] 20170824 [PATCH] vga: stop passing pointers to vga_draw_line* functions", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1486560", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1486560" - }, - { - "name" : "DSA-3991", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3991" - }, - { - "name" : "RHSA-2018:0816", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0816" - }, - { - "name" : "RHSA-2018:1104", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1104" - }, - { - "name" : "RHSA-2018:1113", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1113" - }, - { - "name" : "RHSA-2018:2162", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2162" - }, - { - "name" : "USN-3575-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3575-1/" - }, - { - "name" : "100540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2162", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2162" + }, + { + "name": "[qemu-devel] 20170824 [PATCH] vga: stop passing pointers to vga_draw_line* functions", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html" + }, + { + "name": "RHSA-2018:0816", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0816" + }, + { + "name": "DSA-3991", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3991" + }, + { + "name": "RHSA-2018:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1104" + }, + { + "name": "RHSA-2018:1113", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1113" + }, + { + "name": "USN-3575-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3575-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560" + }, + { + "name": "100540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100540" + }, + { + "name": "[oss-security] 20170830 CVE-2017-13672 Qemu: vga: OOB read access during display update", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/08/30/3" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16006.json b/2017/16xxx/CVE-2017-16006.json index 6c7811bcb13..f720bf3f843 100644 --- a/2017/16xxx/CVE-2017-16006.json +++ b/2017/16xxx/CVE-2017-16006.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "remarkable node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=1.6.2" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Generic (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "remarkable node module", + "version": { + "version_data": [ + { + "version_value": "<=1.6.2" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jonschlinkert/remarkable/issues/227", - "refsource" : "MISC", - "url" : "https://github.com/jonschlinkert/remarkable/issues/227" - }, - { - "name" : "https://nodesecurity.io/advisories/319", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jonschlinkert/remarkable/issues/227", + "refsource": "MISC", + "url": "https://github.com/jonschlinkert/remarkable/issues/227" + }, + { + "name": "https://nodesecurity.io/advisories/319", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/319" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16422.json b/2017/16xxx/CVE-2017-16422.json index 97b46808559..f79737cc6c6 100644 --- a/2017/16xxx/CVE-2017-16422.json +++ b/2017/16xxx/CVE-2017-16422.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16422", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16422", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4031.json b/2017/4xxx/CVE-2017-4031.json index ac3737e9a02..b631c7b3706 100644 --- a/2017/4xxx/CVE-2017-4031.json +++ b/2017/4xxx/CVE-2017-4031.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4031", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4031", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4220.json b/2017/4xxx/CVE-2017-4220.json index 28297404651..c80cf555e8f 100644 --- a/2017/4xxx/CVE-2017-4220.json +++ b/2017/4xxx/CVE-2017-4220.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4220", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4220", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4249.json b/2017/4xxx/CVE-2017-4249.json index 410f7d3962f..b6422393df2 100644 --- a/2017/4xxx/CVE-2017-4249.json +++ b/2017/4xxx/CVE-2017-4249.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4249", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4249", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4828.json b/2017/4xxx/CVE-2017-4828.json index 0bb079d1597..01ecbfe16da 100644 --- a/2017/4xxx/CVE-2017-4828.json +++ b/2017/4xxx/CVE-2017-4828.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4828", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4828", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18813.json b/2018/18xxx/CVE-2018-18813.json index de1f5705be1..2a0b706614b 100644 --- a/2018/18xxx/CVE-2018-18813.json +++ b/2018/18xxx/CVE-2018-18813.json @@ -1,135 +1,135 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@tibco.com", - "DATE_PUBLIC" : "2019-01-16T17:00:00.000Z", - "ID" : "CVE-2018-18813", - "STATE" : "PUBLIC", - "TITLE" : "TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TIBCO Spotfire Analytics Platform for AWS Marketplace", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "10.0.0" - } - ] - } - }, - { - "product_name" : "TIBCO Spotfire Server", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "7.10.1" - }, - { - "affected" : "=", - "version_value" : "7.11.0" - }, - { - "affected" : "=", - "version_value" : "7.11.1" - }, - { - "affected" : "=", - "version_value" : "7.12.0" - }, - { - "affected" : "=", - "version_value" : "7.13.0" - }, - { - "affected" : "=", - "version_value" : "7.14.0" - }, - { - "affected" : "=", - "version_value" : "10.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "TIBCO Software Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could perform administrative functions provided by the web interface of the affected component." - } + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2019-01-16T17:00:00.000Z", + "ID": "CVE-2018-18813", + "STATE": "PUBLIC", + "TITLE": "TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "10.0.0" + } + ] + } + }, + { + "product_name": "TIBCO Spotfire Server", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "7.10.1" + }, + { + "affected": "=", + "version_value": "7.11.0" + }, + { + "affected": "=", + "version_value": "7.11.1" + }, + { + "affected": "=", + "version_value": "7.12.0" + }, + { + "affected": "=", + "version_value": "7.13.0" + }, + { + "affected": "=", + "version_value": "7.14.0" + }, + { + "affected": "=", + "version_value": "10.0.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/services/support/advisories", - "refsource" : "MISC", - "url" : "http://www.tibco.com/services/support/advisories" - }, - { - "name" : "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813", - "refsource" : "CONFIRM", - "url" : "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813" - }, - { - "name" : "106635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106635" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below update to version 10.0.1 or higher\nTIBCO Spotfire Server versions 7.10.1 and below update to version 7.10.2 or higher\nTIBCO Spotfire Server versions 7.11.0, and 7.11.1 update to version 7.11.2 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, and 10.0.0 update to version 10.0.1 or higher\n" - } - ], - "source" : { - "discovery" : "USER" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could perform administrative functions provided by the web interface of the affected component." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106635" + }, + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "MISC", + "url": "http://www.tibco.com/services/support/advisories" + }, + { + "name": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below update to version 10.0.1 or higher\nTIBCO Spotfire Server versions 7.10.1 and below update to version 7.10.2 or higher\nTIBCO Spotfire Server versions 7.11.0, and 7.11.1 update to version 7.11.2 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, and 10.0.0 update to version 10.0.1 or higher\n" + } + ], + "source": { + "discovery": "USER" + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5041.json b/2018/5xxx/CVE-2018-5041.json index bc9b66f1850..a519b84e193 100644 --- a/2018/5xxx/CVE-2018-5041.json +++ b/2018/5xxx/CVE-2018-5041.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5046.json b/2018/5xxx/CVE-2018-5046.json index 05ee955da35..d5d214225c9 100644 --- a/2018/5xxx/CVE-2018-5046.json +++ b/2018/5xxx/CVE-2018-5046.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5804.json b/2018/5xxx/CVE-2018-5804.json index d5b9b06b014..89bcb4e9a8c 100644 --- a/2018/5xxx/CVE-2018-5804.json +++ b/2018/5xxx/CVE-2018-5804.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "ID" : "CVE-2018-5804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LibRaw", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 0.18.8" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A type confusion error within the \"identify()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS (Denial of Service) through division by zero" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2018-5804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibRaw", + "version": { + "version_data": [ + { + "version_value": "Prior to 0.18.8" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" - }, - { - "name" : "https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/" - }, - { - "name" : "81000", - "refsource" : "SECUNIA", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/81000/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A type confusion error within the \"identify()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS (Denial of Service) through division by zero" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "81000", + "refsource": "SECUNIA", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/81000/" + }, + { + "name": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" + }, + { + "name": "https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5809.json b/2018/5xxx/CVE-2018-5809.json index cf067f2a062..502c68188a3 100644 --- a/2018/5xxx/CVE-2018-5809.json +++ b/2018/5xxx/CVE-2018-5809.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "ID" : "CVE-2018-5809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LibRaw", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 0.18.9" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An error within the \"LibRaw::parse_exif()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary code execution through stack-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2018-5809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibRaw", + "version": { + "version_data": [ + { + "version_value": "Prior to 0.18.9" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" - }, - { - "name" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/" - }, - { - "name" : "81800", - "refsource" : "SECUNIA", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/81800/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An error within the \"LibRaw::parse_exif()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary code execution through stack-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" + }, + { + "name": "81800", + "refsource": "SECUNIA", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/81800/" + }, + { + "name": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/" + } + ] + } +} \ No newline at end of file