From dcf14a440031b177c224a77075db0beb558a3006 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:09:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0263.json | 140 +++++------ 2001/0xxx/CVE-2001-0491.json | 130 +++++------ 2001/0xxx/CVE-2001-0969.json | 150 ++++++------ 2001/0xxx/CVE-2001-0971.json | 140 +++++------ 2001/1xxx/CVE-2001-1018.json | 140 +++++------ 2001/1xxx/CVE-2001-1161.json | 170 +++++++------- 2001/1xxx/CVE-2001-1299.json | 170 +++++++------- 2006/2xxx/CVE-2006-2150.json | 140 +++++------ 2006/2xxx/CVE-2006-2171.json | 180 +++++++------- 2006/2xxx/CVE-2006-2926.json | 180 +++++++------- 2006/6xxx/CVE-2006-6170.json | 300 ++++++++++++------------ 2006/6xxx/CVE-2006-6826.json | 140 +++++------ 2011/2xxx/CVE-2011-2006.json | 34 +-- 2011/2xxx/CVE-2011-2011.json | 150 ++++++------ 2011/2xxx/CVE-2011-2039.json | 180 +++++++------- 2011/2xxx/CVE-2011-2073.json | 34 +-- 2011/2xxx/CVE-2011-2671.json | 180 +++++++------- 2011/3xxx/CVE-2011-3328.json | 210 ++++++++--------- 2011/3xxx/CVE-2011-3330.json | 170 +++++++------- 2011/3xxx/CVE-2011-3462.json | 130 +++++------ 2011/3xxx/CVE-2011-3949.json | 130 +++++------ 2011/4xxx/CVE-2011-4023.json | 120 +++++----- 2011/4xxx/CVE-2011-4627.json | 34 +-- 2013/0xxx/CVE-2013-0732.json | 140 +++++------ 2013/1xxx/CVE-2013-1259.json | 140 +++++------ 2013/1xxx/CVE-2013-1264.json | 140 +++++------ 2013/1xxx/CVE-2013-1487.json | 220 +++++++++--------- 2013/1xxx/CVE-2013-1707.json | 140 +++++------ 2013/1xxx/CVE-2013-1867.json | 34 +-- 2013/5xxx/CVE-2013-5430.json | 130 +++++------ 2013/5xxx/CVE-2013-5911.json | 130 +++++------ 2014/2xxx/CVE-2014-2553.json | 140 +++++------ 2014/2xxx/CVE-2014-2780.json | 140 +++++------ 2014/2xxx/CVE-2014-2834.json | 34 +-- 2014/2xxx/CVE-2014-2922.json | 140 +++++------ 2017/0xxx/CVE-2017-0041.json | 34 +-- 2017/0xxx/CVE-2017-0093.json | 140 +++++------ 2017/0xxx/CVE-2017-0600.json | 172 +++++++------- 2017/1000xxx/CVE-2017-1000494.json | 144 ++++++------ 2017/12xxx/CVE-2017-12721.json | 130 +++++------ 2017/16xxx/CVE-2017-16153.json | 132 +++++------ 2017/16xxx/CVE-2017-16447.json | 34 +-- 2017/16xxx/CVE-2017-16679.json | 142 +++++------ 2017/16xxx/CVE-2017-16690.json | 142 +++++------ 2017/16xxx/CVE-2017-16886.json | 130 +++++------ 2017/1xxx/CVE-2017-1739.json | 160 ++++++------- 2017/4xxx/CVE-2017-4001.json | 34 +-- 2017/4xxx/CVE-2017-4659.json | 34 +-- 2017/4xxx/CVE-2017-4669.json | 34 +-- 2017/4xxx/CVE-2017-4676.json | 34 +-- 2018/5xxx/CVE-2018-5188.json | 362 ++++++++++++++--------------- 2018/5xxx/CVE-2018-5592.json | 34 +-- 52 files changed, 3386 insertions(+), 3386 deletions(-) diff --git a/2001/0xxx/CVE-2001-0263.json b/2001/0xxx/CVE-2001-0263.json index 3802a7d5913..52683f519cc 100644 --- a/2001/0xxx/CVE-2001-0263.json +++ b/2001/0xxx/CVE-2001-0263.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the \"show relative paths\" option is not enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A040301-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2001/a040301-1.txt" - }, - { - "name" : "2537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2537" - }, - { - "name" : "bpftp-obtain-credentials(6330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the \"show relative paths\" option is not enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bpftp-obtain-credentials(6330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6330" + }, + { + "name": "A040301-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2001/a040301-1.txt" + }, + { + "name": "2537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2537" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0491.json b/2001/0xxx/CVE-2001-0491.json index a504e2c5999..fc65efc97a7 100644 --- a/2001/0xxx/CVE-2001-0491.json +++ b/2001/0xxx/CVE-2001-0491.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010425 Vulnerabilities in RaidenFTPD Server ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0465.html" - }, - { - "name" : "raidenftpd-dot-directory-traversal(6455)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20010425 Vulnerabilities in RaidenFTPD Server", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0465.html" + }, + { + "name": "raidenftpd-dot-directory-traversal(6455)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6455" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0969.json b/2001/0xxx/CVE-2001-0969.json index bf02dbf70ca..637b5ec7a97 100644 --- a/2001/0xxx/CVE-2001-0969.json +++ b/2001/0xxx/CVE-2001-0969.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ipfw in FreeBSD does not properly handle the use of \"me\" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-01:53", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:53.ipfw.asc" - }, - { - "name" : "ipfw-me-unauthorized-access(7002)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7002" - }, - { - "name" : "3206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3206" - }, - { - "name" : "1937", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ipfw in FreeBSD does not properly handle the use of \"me\" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3206" + }, + { + "name": "FreeBSD-SA-01:53", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:53.ipfw.asc" + }, + { + "name": "ipfw-me-unauthorized-access(7002)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7002" + }, + { + "name": "1937", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1937" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0971.json b/2001/0xxx/CVE-2001-0971.json index 58034499e53..79be5ea278a 100644 --- a/2001/0xxx/CVE-2001-0971.json +++ b/2001/0xxx/CVE-2001-0971.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010820 ACI 4D WebServer Directory traversal.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/206102" - }, - { - "name" : "3209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3209" - }, - { - "name" : "4d-webserver-directory-traversal(7010)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7010.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3209" + }, + { + "name": "20010820 ACI 4D WebServer Directory traversal.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/206102" + }, + { + "name": "4d-webserver-directory-traversal(7010)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7010.php" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1018.json b/2001/1xxx/CVE-2001-1018.json index bef6c78ab32..e0f6ab56650 100644 --- a/2001/1xxx/CVE-2001-1018.json +++ b/2001/1xxx/CVE-2001-1018.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010919 lotus domino server 5.08 is very gabby", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100094373621813&w=2" - }, - { - "name" : "3350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3350" - }, - { - "name" : "lotus-domino-ip-reveal(7180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010919 lotus domino server 5.08 is very gabby", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100094373621813&w=2" + }, + { + "name": "3350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3350" + }, + { + "name": "lotus-domino-ip-reveal(7180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7180" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1161.json b/2001/1xxx/CVE-2001-1161.json index e5024703d3b..fc4dd9757dc 100644 --- a/2001/1xxx/CVE-2001-1161.json +++ b/2001/1xxx/CVE-2001-1161.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010702 Lotus Domino Server Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/194465" - }, - { - "name" : "20010702 Re: Lotus Domino Server Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/194609" - }, - { - "name" : "VU#642239", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/642239" - }, - { - "name" : "2962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2962" - }, - { - "name" : "lotus-domino-css(6789)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6789.php" - }, - { - "name" : "1887", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-domino-css(6789)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6789.php" + }, + { + "name": "2962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2962" + }, + { + "name": "20010702 Re: Lotus Domino Server Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/194609" + }, + { + "name": "VU#642239", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/642239" + }, + { + "name": "1887", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1887" + }, + { + "name": "20010702 Lotus Domino Server Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/194465" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1299.json b/2001/1xxx/CVE-2001-1299.json index 906a0676c4e..0edd1087756 100644 --- a/2001/1xxx/CVE-2001-1299.json +++ b/2001/1xxx/CVE-2001-1299.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011002 results of semi-automatic source code audit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html" - }, - { - "name" : "VU#847803", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/847803" - }, - { - "name" : "http://www.come.to/zorbat/", - "refsource" : "CONFIRM", - "url" : "http://www.come.to/zorbat/" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/JARL-53RJKV", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/JARL-53RJKV" - }, - { - "name" : "3386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3386" - }, - { - "name" : "php-includedir-code-execution(7215)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7215.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011002 results of semi-automatic source code audit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html" + }, + { + "name": "php-includedir-code-execution(7215)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7215.php" + }, + { + "name": "VU#847803", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/847803" + }, + { + "name": "3386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3386" + }, + { + "name": "http://www.kb.cert.org/vuls/id/JARL-53RJKV", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/JARL-53RJKV" + }, + { + "name": "http://www.come.to/zorbat/", + "refsource": "CONFIRM", + "url": "http://www.come.to/zorbat/" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2150.json b/2006/2xxx/CVE-2006-2150.json index 48903fb520f..692aff7fe72 100644 --- a/2006/2xxx/CVE-2006-2150.json +++ b/2006/2xxx/CVE-2006-2150.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060428 TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432453/100/0/threaded" - }, - { - "name" : "25294", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25294" - }, - { - "name" : "toplist-toplist-list-file-include(26172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "toplist-toplist-list-file-include(26172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26172" + }, + { + "name": "20060428 TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432453/100/0/threaded" + }, + { + "name": "25294", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25294" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2171.json b/2006/2xxx/CVE-2006-2171.json index 9aec463ef0a..db22e2dcb7e 100644 --- a/2006/2xxx/CVE-2006-2171.json +++ b/2006/2xxx/CVE-2006-2171.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060502 FTP Fuzzer", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=114658586018818&w=2" - }, - { - "name" : "20060508 INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html" - }, - { - "name" : "http://www.infigo.hr/en/in_focus/tools", - "refsource" : "MISC", - "url" : "http://www.infigo.hr/en/in_focus/tools" - }, - { - "name" : "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03", - "refsource" : "MISC", - "url" : "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03" - }, - { - "name" : "17803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17803" - }, - { - "name" : "25220", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25220" - }, - { - "name" : "warftpd-wdm-bo(26304)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.infigo.hr/en/in_focus/tools", + "refsource": "MISC", + "url": "http://www.infigo.hr/en/in_focus/tools" + }, + { + "name": "20060502 FTP Fuzzer", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=114658586018818&w=2" + }, + { + "name": "17803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17803" + }, + { + "name": "25220", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25220" + }, + { + "name": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03", + "refsource": "MISC", + "url": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03" + }, + { + "name": "warftpd-wdm-bo(26304)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26304" + }, + { + "name": "20060508 INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2926.json b/2006/2xxx/CVE-2006-2926.json index 141240aa7ce..e7a0d9a4aa8 100644 --- a/2006/2xxx/CVE-2006-2926.json +++ b/2006/2xxx/CVE-2006-2926.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060607 MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046646.html" - }, - { - "name" : "20060607 MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046649.html" - }, - { - "name" : "18312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18312" - }, - { - "name" : "ADV-2006-2182", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2182" - }, - { - "name" : "1016239", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016239" - }, - { - "name" : "20483", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20483" - }, - { - "name" : "wingate-http-proxy-bo(26970)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18312" + }, + { + "name": "wingate-http-proxy-bo(26970)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26970" + }, + { + "name": "1016239", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016239" + }, + { + "name": "20060607 MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046646.html" + }, + { + "name": "20483", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20483" + }, + { + "name": "20060607 MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046649.html" + }, + { + "name": "ADV-2006-2182", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2182" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6170.json b/2006/6xxx/CVE-2006-6170.json index f7b64a7e31d..97783fe6431 100644 --- a/2006/6xxx/CVE-2006-6170.json +++ b/2006/6xxx/CVE-2006-6170.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061121 Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452228/100/100/threaded" - }, - { - "name" : "20061128 ProFTPD mod_tls pre-authentication buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452872/100/0/threaded" - }, - { - "name" : "20061129 Re: ProFTPD mod_tls pre-authentication buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452993/100/100/threaded" - }, - { - "name" : "20061128 ProFTPD mod_tls pre-authentication buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html" - }, - { - "name" : "http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html", - "refsource" : "MISC", - "url" : "http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820" - }, - { - "name" : "DSA-1222", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1222" - }, - { - "name" : "GLSA-200611-26", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml" - }, - { - "name" : "MDKSA-2006:217-1", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1" - }, - { - "name" : "SSA:2006-335-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491" - }, - { - "name" : "2006-0066", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0066" - }, - { - "name" : "21326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21326" - }, - { - "name" : "ADV-2006-4745", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4745" - }, - { - "name" : "23141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23141" - }, - { - "name" : "23174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23174" - }, - { - "name" : "23179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23179" - }, - { - "name" : "23184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23184" - }, - { - "name" : "23207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23207" - }, - { - "name" : "proftpd-modtls-bo(30554)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1222", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1222" + }, + { + "name": "20061128 ProFTPD mod_tls pre-authentication buffer overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html" + }, + { + "name": "20061129 Re: ProFTPD mod_tls pre-authentication buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452993/100/100/threaded" + }, + { + "name": "23207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23207" + }, + { + "name": "SSA:2006-335-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.502491" + }, + { + "name": "23141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23141" + }, + { + "name": "23174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23174" + }, + { + "name": "MDKSA-2006:217-1", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1" + }, + { + "name": "21326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21326" + }, + { + "name": "20061128 ProFTPD mod_tls pre-authentication buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452872/100/0/threaded" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820" + }, + { + "name": "23184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23184" + }, + { + "name": "http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html", + "refsource": "MISC", + "url": "http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html" + }, + { + "name": "2006-0066", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0066" + }, + { + "name": "23179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23179" + }, + { + "name": "GLSA-200611-26", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml" + }, + { + "name": "20061121 Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452228/100/100/threaded" + }, + { + "name": "proftpd-modtls-bo(30554)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30554" + }, + { + "name": "ADV-2006-4745", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4745" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6826.json b/2006/6xxx/CVE-2006-6826.json index 676e3fbca01..a5527190620 100644 --- a/2006/6xxx/CVE-2006-6826.json +++ b/2006/6xxx/CVE-2006-6826.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a \"Security leak.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=460503", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=460503" - }, - { - "name" : "ADV-2006-4452", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4452" - }, - { - "name" : "personal-tabeditor-security-bypass(30181)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a \"Security leak.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=460503", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=460503" + }, + { + "name": "personal-tabeditor-security-bypass(30181)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30181" + }, + { + "name": "ADV-2006-4452", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4452" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2006.json b/2011/2xxx/CVE-2011-2006.json index f16b1ce06ea..cc1acd2ff2d 100644 --- a/2011/2xxx/CVE-2011-2006.json +++ b/2011/2xxx/CVE-2011-2006.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2006", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-2006", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2011.json b/2011/2xxx/CVE-2011-2011.json index b627c4b2b0e..506ea3b4d19 100644 --- a/2011/2xxx/CVE-2011-2011.json +++ b/2011/2xxx/CVE-2011-2011.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-2011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-077", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077" - }, - { - "name" : "49981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49981" - }, - { - "name" : "oval:org.mitre.oval:def:12904", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12904" - }, - { - "name" : "1026165", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49981" + }, + { + "name": "1026165", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026165" + }, + { + "name": "MS11-077", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077" + }, + { + "name": "oval:org.mitre.oval:def:12904", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12904" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2039.json b/2011/2xxx/CVE-2011-2039.json index d4ffb011968..940f370aa46 100644 --- a/2011/2xxx/CVE-2011-2039.json +++ b/2011/2xxx/CVE-2011-2039.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909" - }, - { - "name" : "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml" - }, - { - "name" : "VU#490097", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/490097" - }, - { - "name" : "72714", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72714" - }, - { - "name" : "1025591", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025591" - }, - { - "name" : "8272", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8272" - }, - { - "name" : "cisco-asmc-helper-code-execution(67739)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72714", + "refsource": "OSVDB", + "url": "http://osvdb.org/72714" + }, + { + "name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml" + }, + { + "name": "8272", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8272" + }, + { + "name": "1025591", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025591" + }, + { + "name": "VU#490097", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/490097" + }, + { + "name": "20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909" + }, + { + "name": "cisco-asmc-helper-code-execution(67739)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2073.json b/2011/2xxx/CVE-2011-2073.json index b0e6a6b2b84..ecbdd8a7ee4 100644 --- a/2011/2xxx/CVE-2011-2073.json +++ b/2011/2xxx/CVE-2011-2073.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2073", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2073", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2671.json b/2011/2xxx/CVE-2011-2671.json index 10dec5353a6..515049bdaa1 100644 --- a/2011/2xxx/CVE-2011-2671.json +++ b/2011/2xxx/CVE-2011-2671.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Megalith 12th edition through 27th edition allows remote attackers to gain administrative privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-2671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://9.dotpp.net/software/megalith/JVN45458289/", - "refsource" : "CONFIRM", - "url" : "http://9.dotpp.net/software/megalith/JVN45458289/" - }, - { - "name" : "JVN#45458289", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN45458289/index.html" - }, - { - "name" : "JVNDB-2011-000073", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000073.html" - }, - { - "name" : "49533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49533" - }, - { - "name" : "75352", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75352" - }, - { - "name" : "45935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45935" - }, - { - "name" : "megalith-unspecified-security-bypass(69678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Megalith 12th edition through 27th edition allows remote attackers to gain administrative privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49533" + }, + { + "name": "JVNDB-2011-000073", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000073.html" + }, + { + "name": "45935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45935" + }, + { + "name": "75352", + "refsource": "OSVDB", + "url": "http://osvdb.org/75352" + }, + { + "name": "JVN#45458289", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN45458289/index.html" + }, + { + "name": "megalith-unspecified-security-bypass(69678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69678" + }, + { + "name": "http://9.dotpp.net/software/megalith/JVN45458289/", + "refsource": "CONFIRM", + "url": "http://9.dotpp.net/software/megalith/JVN45458289/" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3328.json b/2011/3xxx/CVE-2011-3328.json index 189a4a49592..98f9731bd33 100644 --- a/2011/3xxx/CVE-2011-3328.json +++ b/2011/3xxx/CVE-2011-3328.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-3328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://libpng.org/pub/png/libpng.html", - "refsource" : "CONFIRM", - "url" : "http://libpng.org/pub/png/libpng.html" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=3406145&group_id=5624&atid=105624", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=3406145&group_id=5624&atid=105624" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=740864", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=740864" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "VU#477046", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/477046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://libpng.org/pub/png/libpng.html", + "refsource": "CONFIRM", + "url": "http://libpng.org/pub/png/libpng.html" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=3406145&group_id=5624&atid=105624", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=3406145&group_id=5624&atid=105624" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "VU#477046", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/477046" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=740864", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740864" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3330.json b/2011/3xxx/CVE-2011-3330.json index 4f72e8a0ffd..7a4f738cc4b 100644 --- a/2011/3xxx/CVE-2011-3330.json +++ b/2011/3xxx/CVE-2011-3330.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-3330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf" - }, - { - "name" : "http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page", - "refsource" : "CONFIRM", - "url" : "http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page" - }, - { - "name" : "50319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50319" - }, - { - "name" : "1026234", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026234" - }, - { - "name" : "46534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46534" - }, - { - "name" : "schneider-unitelway-bo(70882)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "schneider-unitelway-bo(70882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70882" + }, + { + "name": "50319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50319" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf" + }, + { + "name": "http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page", + "refsource": "CONFIRM", + "url": "http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page" + }, + { + "name": "46534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46534" + }, + { + "name": "1026234", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026234" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3462.json b/2011/3xxx/CVE-2011-3462.json index cc794b4af61..95072114ea9 100644 --- a/2011/3xxx/CVE-2011-3462.json +++ b/2011/3xxx/CVE-2011-3462.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3949.json b/2011/3xxx/CVE-2011-3949.json index b3c9f8d9d74..af2eb57648a 100644 --- a/2011/3xxx/CVE-2011-3949.json +++ b/2011/3xxx/CVE-2011-3949.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e2291ea1534d17306f685b8c8abc8585bbed87bf", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e2291ea1534d17306f685b8c8abc8585bbed87bf" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e2291ea1534d17306f685b8c8abc8585bbed87bf", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e2291ea1534d17306f685b8c8abc8585bbed87bf" + }, + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4023.json b/2011/4xxx/CVE-2011-4023.json index f95b836732d..204ee42498f 100644 --- a/2011/4xxx/CVE-2011-4023.json +++ b/2011/4xxx/CVE-2011-4023.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-4023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4627.json b/2011/4xxx/CVE-2011-4627.json index c7cb2830488..6fd6560cff3 100644 --- a/2011/4xxx/CVE-2011-4627.json +++ b/2011/4xxx/CVE-2011-4627.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4627", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4627", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0732.json b/2013/0xxx/CVE-2013-0732.json index c7bb1d7c6cc..df90544ecde 100644 --- a/2013/0xxx/CVE-2013-0732.json +++ b/2013/0xxx/CVE-2013-0732.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before 8.1 allows remote attackers to execute arbitrary code via crafted font table directory values in a TTF file, related to naming table entries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-0732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "60315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60315" - }, - { - "name" : "93870", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/93870" - }, - { - "name" : "51943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before 8.1 allows remote attackers to execute arbitrary code via crafted font table directory values in a TTF file, related to naming table entries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51943" + }, + { + "name": "60315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60315" + }, + { + "name": "93870", + "refsource": "OSVDB", + "url": "http://osvdb.org/93870" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1259.json b/2013/1xxx/CVE-2013-1259.json index eaf50507886..b6b780fe36b 100644 --- a/2013/1xxx/CVE-2013-1259.json +++ b/2013/1xxx/CVE-2013-1259.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-016", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16344", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-016", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016" + }, + { + "name": "oval:org.mitre.oval:def:16344", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16344" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1264.json b/2013/1xxx/CVE-2013-1264.json index af230419196..d37e7ec3972 100644 --- a/2013/1xxx/CVE-2013-1264.json +++ b/2013/1xxx/CVE-2013-1264.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-016", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16379", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-016", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016" + }, + { + "name": "oval:org.mitre.oval:def:16379", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16379" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1487.json b/2013/1xxx/CVE-2013-1487.json index 952a5382156..20cdddbf6ce 100644 --- a/2013/1xxx/CVE-2013-1487.json +++ b/2013/1xxx/CVE-2013-1487.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "USN-1735-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1735-1" - }, - { - "name" : "TA13-051A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-051A.html" - }, - { - "name" : "58031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58031" - }, - { - "name" : "oval:org.mitre.oval:def:19511", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:19511", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19511" + }, + { + "name": "TA13-051A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "USN-1735-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1735-1" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "58031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58031" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1707.json b/2013/1xxx/CVE-2013-1707.json index 87c61ec23f5..38ab1668f5c 100644 --- a/2013/1xxx/CVE-2013-1707.json +++ b/2013/1xxx/CVE-2013-1707.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-66.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-66.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=888314", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=888314" - }, - { - "name" : "oval:org.mitre.oval:def:18871", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:18871", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18871" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=888314", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=888314" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-66.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-66.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1867.json b/2013/1xxx/CVE-2013-1867.json index e151809b3e2..ab6f2a8b29e 100644 --- a/2013/1xxx/CVE-2013-1867.json +++ b/2013/1xxx/CVE-2013-1867.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1867", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1867", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5430.json b/2013/5xxx/CVE-2013-5430.json index 820bae005dd..98509fb693c 100644 --- a/2013/5xxx/CVE-2013-5430.json +++ b/2013/5xxx/CVE-2013-5430.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21653287", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21653287" - }, - { - "name" : "appscan-cve20135430-default-cred(87562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "appscan-cve20135430-default-cred(87562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87562" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21653287", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653287" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5911.json b/2013/5xxx/CVE-2013-5911.json index 76db1a0e526..6389b16e23d 100644 --- a/2013/5xxx/CVE-2013-5911.json +++ b/2013/5xxx/CVE-2013-5911.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discussions.nessus.org/message/22174#22174", - "refsource" : "CONFIRM", - "url" : "https://discussions.nessus.org/message/22174#22174" - }, - { - "name" : "97584", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/97584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://discussions.nessus.org/message/22174#22174", + "refsource": "CONFIRM", + "url": "https://discussions.nessus.org/message/22174#22174" + }, + { + "name": "97584", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/97584" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2553.json b/2014/2xxx/CVE-2014-2553.json index 0b7a7fe6a19..377e0a09d8d 100644 --- a/2014/2xxx/CVE-2014-2553.json +++ b/2014/2xxx/CVE-2014-2553.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.otrs.com/security-advisory-2014-04-xss-issue", - "refsource" : "CONFIRM", - "url" : "https://www.otrs.com/security-advisory-2014-04-xss-issue" - }, - { - "name" : "openSUSE-SU-2014:0561", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html" - }, - { - "name" : "57616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57616" + }, + { + "name": "https://www.otrs.com/security-advisory-2014-04-xss-issue", + "refsource": "CONFIRM", + "url": "https://www.otrs.com/security-advisory-2014-04-xss-issue" + }, + { + "name": "openSUSE-SU-2014:0561", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2780.json b/2014/2xxx/CVE-2014-2780.json index 023b5b4913d..8980a299b67 100644 --- a/2014/2xxx/CVE-2014-2780.json +++ b/2014/2xxx/CVE-2014-2780.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka \"DirectShow Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140716 VUPEN Security Research - Microsoft Windows \"DirectShow\" Privilege Escalation Vulnerability (Pwn2Own 2014)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532800/100/0/threaded" - }, - { - "name" : "MS14-041", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-041" - }, - { - "name" : "68392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka \"DirectShow Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140716 VUPEN Security Research - Microsoft Windows \"DirectShow\" Privilege Escalation Vulnerability (Pwn2Own 2014)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532800/100/0/threaded" + }, + { + "name": "MS14-041", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-041" + }, + { + "name": "68392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68392" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2834.json b/2014/2xxx/CVE-2014-2834.json index 007dca9c14f..32ff4aee73c 100644 --- a/2014/2xxx/CVE-2014-2834.json +++ b/2014/2xxx/CVE-2014-2834.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2834", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2834", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2922.json b/2014/2xxx/CVE-2014-2922.json index 3d6ffbe2f95..6bea81bfea7 100644 --- a/2014/2xxx/CVE-2014-2922.json +++ b/2014/2xxx/CVE-2014-2922.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors involving a Zend_Http_Response_Stream object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140421 Re: Remote code execution in Pimcore CMS", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/04/21/1" - }, - { - "name" : "https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt", - "refsource" : "MISC", - "url" : "https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt" - }, - { - "name" : "http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442", - "refsource" : "CONFIRM", - "url" : "http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors involving a Zend_Http_Response_Stream object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442", + "refsource": "CONFIRM", + "url": "http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442" + }, + { + "name": "[oss-security] 20140421 Re: Remote code execution in Pimcore CMS", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/04/21/1" + }, + { + "name": "https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt", + "refsource": "MISC", + "url": "https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0041.json b/2017/0xxx/CVE-2017-0041.json index a439bfb2a46..8a7b6d06405 100644 --- a/2017/0xxx/CVE-2017-0041.json +++ b/2017/0xxx/CVE-2017-0041.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0041", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0041", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0093.json b/2017/0xxx/CVE-2017-0093.json index f354750a2bf..092a6248dca 100644 --- a/2017/0xxx/CVE-2017-0093.json +++ b/2017/0xxx/CVE-2017-0093.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Edge" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0201." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Edge", + "version": { + "version_data": [ + { + "version_value": "Edge" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0093", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0093" - }, - { - "name" : "97419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97419" - }, - { - "name" : "1038234", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0201." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0093", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0093" + }, + { + "name": "1038234", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038234" + }, + { + "name": "97419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97419" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0600.json b/2017/0xxx/CVE-2017-0600.json index 38adcd7d668..baa24963a57 100644 --- a/2017/0xxx/CVE-2017-0600.json +++ b/2017/0xxx/CVE-2017-0600.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000494.json b/2017/1000xxx/CVE-2017-1000494.json index a7b8d2ceeaa..2722240ce8d 100644 --- a/2017/1000xxx/CVE-2017-1000494.json +++ b/2017/1000xxx/CVE-2017-1000494.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000494", - "REQUESTER" : "stephan@srlabs.de", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "miniupnpd", - "version" : { - "version_data" : [ - { - "version_value" : "2" - } - ] - } - } - ] - }, - "vendor_name" : "miniupnpd" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial-of-Service Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000494", + "REQUESTER": "stephan@srlabs.de", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a", - "refsource" : "CONFIRM", - "url" : "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a" - }, - { - "name" : "https://github.com/miniupnp/miniupnp/issues/268", - "refsource" : "CONFIRM", - "url" : "https://github.com/miniupnp/miniupnp/issues/268" - }, - { - "name" : "USN-3562-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3562-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a", + "refsource": "CONFIRM", + "url": "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a" + }, + { + "name": "USN-3562-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3562-1/" + }, + { + "name": "https://github.com/miniupnp/miniupnp/issues/268", + "refsource": "CONFIRM", + "url": "https://github.com/miniupnp/miniupnp/issues/268" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12721.json b/2017/12xxx/CVE-2017-12721.json index fa213d11cc4..8b29e88eba4 100644 --- a/2017/12xxx/CVE-2017-12721.json +++ b/2017/12xxx/CVE-2017-12721.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-12721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump", - "version" : { - "version_data" : [ - { - "version_value" : "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Certificate Validation" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-12721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump", + "version": { + "version_data": [ + { + "version_value": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A" - }, - { - "name" : "100665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Certificate Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A" + }, + { + "name": "100665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100665" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16153.json b/2017/16xxx/CVE-2017-16153.json index 0dbc70a0648..fe276de7c8e 100644 --- a/2017/16xxx/CVE-2017-16153.json +++ b/2017/16xxx/CVE-2017-16153.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "gaoxuyan node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "gaoxuyan node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/gaoxuyan", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/gaoxuyan" - }, - { - "name" : "https://nodesecurity.io/advisories/378", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/378", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/378" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/gaoxuyan", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/gaoxuyan" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16447.json b/2017/16xxx/CVE-2017-16447.json index 9db52a1c256..de6ce1c53ea 100644 --- a/2017/16xxx/CVE-2017-16447.json +++ b/2017/16xxx/CVE-2017-16447.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16447", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16447", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16679.json b/2017/16xxx/CVE-2017-16679.json index f160e7a75cf..6b5dd2233c7 100644 --- a/2017/16xxx/CVE-2017-16679.json +++ b/2017/16xxx/CVE-2017-16679.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-16679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Startup Service", - "version" : { - "version_data" : [ - { - "version_value" : "SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52." - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "URL Redirection" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-16679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Startup Service", + "version": { + "version_data": [ + { + "version_value": "SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52." + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2520995", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2520995" - }, - { - "name" : "102157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL Redirection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" + }, + { + "name": "102157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102157" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2520995", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2520995" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16690.json b/2017/16xxx/CVE-2017-16690.json index ce315e36868..7b83608000d 100644 --- a/2017/16xxx/CVE-2017-16690.json +++ b/2017/16xxx/CVE-2017-16690.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-16690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP Plant Connectivity", - "version" : { - "version_data" : [ - { - "version_value" : "2.3; 15.0" - } - ] - } - } - ] - }, - "vendor_name" : "SAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DLL preload attack" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-16690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP Plant Connectivity", + "version": { + "version_data": [ + { + "version_value": "2.3; 15.0" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", - "refsource" : "CONFIRM", - "url" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" - }, - { - "name" : "https://launchpad.support.sap.com/#/notes/2529480", - "refsource" : "CONFIRM", - "url" : "https://launchpad.support.sap.com/#/notes/2529480" - }, - { - "name" : "102145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL preload attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102145" + }, + { + "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", + "refsource": "CONFIRM", + "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" + }, + { + "name": "https://launchpad.support.sap.com/#/notes/2529480", + "refsource": "CONFIRM", + "url": "https://launchpad.support.sap.com/#/notes/2529480" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16886.json b/2017/16xxx/CVE-2017-16886.json index f671129f880..f688e532156 100644 --- a/2017/16xxx/CVE-2017-16886.json +++ b/2017/16xxx/CVE-2017-16886.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43460", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43460/" - }, - { - "name" : "20180109 FiberHome MIFI LM53Q1 Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jan/28" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43460", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43460/" + }, + { + "name": "20180109 FiberHome MIFI LM53Q1 Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jan/28" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1739.json b/2017/1xxx/CVE-2017-1739.json index 79c2644dba6..d8d9f4cf283 100644 --- a/2017/1xxx/CVE-2017-1739.json +++ b/2017/1xxx/CVE-2017-1739.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2017-1739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cram Social Program Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.1.1" - }, - { - "version_value" : "6.2.0" - }, - { - "version_value" : "7.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2017-1739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cram Social Program Management", + "version": { + "version_data": [ + { + "version_value": "6.0.5" + }, + { + "version_value": "6.1.1" + }, + { + "version_value": "6.2.0" + }, + { + "version_value": "7.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012366", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012366" - }, - { - "name" : "102492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102492" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012366", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012366" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4001.json b/2017/4xxx/CVE-2017-4001.json index 517694bcf89..81182da0532 100644 --- a/2017/4xxx/CVE-2017-4001.json +++ b/2017/4xxx/CVE-2017-4001.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4001", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4001", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4659.json b/2017/4xxx/CVE-2017-4659.json index 7d432f766fd..206b2294f92 100644 --- a/2017/4xxx/CVE-2017-4659.json +++ b/2017/4xxx/CVE-2017-4659.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4659", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4659", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4669.json b/2017/4xxx/CVE-2017-4669.json index f57b3388be8..4560ae8fbc3 100644 --- a/2017/4xxx/CVE-2017-4669.json +++ b/2017/4xxx/CVE-2017-4669.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4669", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4669", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4676.json b/2017/4xxx/CVE-2017-4676.json index 495a445d3af..15a9e4e30e4 100644 --- a/2017/4xxx/CVE-2017-4676.json +++ b/2017/4xxx/CVE-2017-4676.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4676", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4676", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5188.json b/2018/5xxx/CVE-2018-5188.json index 0bc8e882e6d..4e9444857a9 100644 --- a/2018/5xxx/CVE-2018-5188.json +++ b/2018/5xxx/CVE-2018-5188.json @@ -1,183 +1,183 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60" - }, - { - "version_affected" : "<", - "version_value" : "52.9" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.1" - }, - { - "version_affected" : "<", - "version_value" : "52.9" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "61" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 60" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60" + }, + { + "version_affected": "<", + "version_value": "52.9" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.1" + }, + { + "version_affected": "<", + "version_value": "52.9" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "61" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html" - }, - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html" - }, - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456189%2C1456975%2C1465898%2C1392739%2C1451297%2C1464063%2C1437842%2C1442722%2C1452576%2C1450688%2C1458264%2C1458270%2C1465108%2C1464829%2C1464079%2C1463494%2C1458048", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456189%2C1456975%2C1465898%2C1392739%2C1451297%2C1464063%2C1437842%2C1442722%2C1452576%2C1450688%2C1458264%2C1458270%2C1465108%2C1464829%2C1464079%2C1463494%2C1458048" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-15/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-15/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-16/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-16/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-17/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-17/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-18/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-18/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-19/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-19/" - }, - { - "name" : "DSA-4244", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4244" - }, - { - "name" : "GLSA-201810-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-01" - }, - { - "name" : "GLSA-201811-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-13" - }, - { - "name" : "RHSA-2018:2112", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2112" - }, - { - "name" : "RHSA-2018:2113", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2113" - }, - { - "name" : "RHSA-2018:2251", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2251" - }, - { - "name" : "RHSA-2018:2252", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2252" - }, - { - "name" : "USN-3705-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3705-1/" - }, - { - "name" : "USN-3714-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3714-1/" - }, - { - "name" : "USN-3749-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3749-1/" - }, - { - "name" : "104555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 60" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201810-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-01" + }, + { + "name": "104555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104555" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-15/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/" + }, + { + "name": "RHSA-2018:2112", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2112" + }, + { + "name": "USN-3749-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3749-1/" + }, + { + "name": "GLSA-201811-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-13" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-18/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-18/" + }, + { + "name": "RHSA-2018:2113", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2113" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-16/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/" + }, + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456189%2C1456975%2C1465898%2C1392739%2C1451297%2C1464063%2C1437842%2C1442722%2C1452576%2C1450688%2C1458264%2C1458270%2C1465108%2C1464829%2C1464079%2C1463494%2C1458048", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456189%2C1456975%2C1465898%2C1392739%2C1451297%2C1464063%2C1437842%2C1442722%2C1452576%2C1450688%2C1458264%2C1458270%2C1465108%2C1464829%2C1464079%2C1463494%2C1458048" + }, + { + "name": "DSA-4244", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4244" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-19/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/" + }, + { + "name": "RHSA-2018:2252", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2252" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-17/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html" + }, + { + "name": "RHSA-2018:2251", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2251" + }, + { + "name": "USN-3705-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3705-1/" + }, + { + "name": "USN-3714-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3714-1/" + }, + { + "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5592.json b/2018/5xxx/CVE-2018-5592.json index e81412d4405..ba22f0261a9 100644 --- a/2018/5xxx/CVE-2018-5592.json +++ b/2018/5xxx/CVE-2018-5592.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file