diff --git a/2001/1xxx/CVE-2001-1095.json b/2001/1xxx/CVE-2001-1095.json
index c9d3036e03a..ee86dee814d 100644
--- a/2001/1xxx/CVE-2001-1095.json
+++ b/2001/1xxx/CVE-2001-1095.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY23401", - "refsource" : "AIXAPAR", - "url" : "http://archives.neohapsis.com/archives/aix/2001-q4/0000.html" - }, - { - "name" : "IY24231", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY24231&apar=only" - }, - { - "name" : "5469", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5469", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5469" + }, + { + "name": "IY24231", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY24231&apar=only" + }, + { + "name": "IY23401", + "refsource": "AIXAPAR", + "url": "http://archives.neohapsis.com/archives/aix/2001-q4/0000.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2005.json b/2006/2xxx/CVE-2006-2005.json index 0241b008f6e..b5890adb11c 100644 --- a/2006/2xxx/CVE-2006-2005.json +++ b/2006/2xxx/CVE-2006-2005.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an \"include\" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060423 Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431873/100/0/threaded" - }, - { - "name" : "http://www.nukedx.com/?getxpl=29", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?getxpl=29" - }, - { - "name" : "17660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17660" - }, - { - "name" : "25083", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25083" - }, - { - "name" : "1015988", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1015988" - }, - { - "name" : "782", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/782" - }, - { - "name" : "clansys-index-file-include(25976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an \"include\" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "clansys-index-file-include(25976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25976" + }, + { + "name": "http://www.nukedx.com/?getxpl=29", + "refsource": "MISC", + "url": "http://www.nukedx.com/?getxpl=29" + }, + { + "name": "20060423 Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431873/100/0/threaded" + }, + { + "name": "782", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/782" + }, + { + "name": "1015988", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015988" + }, + { + "name": "25083", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25083" + }, + { + "name": "17660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17660" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/2xxx/CVE-2006-2036.json b/2006/2xxx/CVE-2006-2036.json
index 52b874b844c..4ef2d2f00ad 100644
--- a/2006/2xxx/CVE-2006-2036.json
+++ b/2006/2xxx/CVE-2006-2036.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060422 ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431904/100/0/threaded" - }, - { - "name" : "20060425 Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431989/100/0/threaded" - }, - { - "name" : "17656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17656" - }, - { - "name" : "1015980", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015980" - }, - { - "name" : "19771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19771" - }, - { - "name" : "iopus-insecure-passwords(26266)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060425 Re: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431989/100/0/threaded" + }, + { + "name": "19771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19771" + }, + { + "name": "1015980", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015980" + }, + { + "name": "iopus-insecure-passwords(26266)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26266" + }, + { + "name": "20060422 ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431904/100/0/threaded" + }, + { + "name": "17656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17656" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2080.json b/2006/2xxx/CVE-2006-2080.json index ca644a156ed..21129a4c519 100644 --- a/2006/2xxx/CVE-2006-2080.json +++ b/2006/2xxx/CVE-2006-2080.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php. NOTE: this issue could produce resultant XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060425 Instant Photo Gallery <= Multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432024/100/0/threaded" - }, - { - "name" : "20060427 Re: Instant Photo Gallery <= Multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432241/100/0/threaded" - }, - { - "name" : "20060427 Instant Photo Gallery <= Multiple XSS (fwd)", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-April/000733.html" - }, - { - "name" : "17696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17696" - }, - 
{ - "name" : "ADV-2006-1533", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1533" - }, - { - "name" : "24986", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24986" - }, - { - "name" : "24987", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24987" - }, - { - "name" : "19813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19813" - }, - { - "name" : "803", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php. NOTE: this issue could produce resultant XSS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1533", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1533" + }, + { + "name": "24987", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24987" + }, + { + "name": "20060427 Instant Photo Gallery <= Multiple XSS (fwd)", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-April/000733.html" + }, + { + "name": "24986", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24986" + }, + { + "name": "17696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17696" + }, + { + "name": "19813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19813" + }, + { + "name": "803", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/803" + }, + { + "name": "20060427 Re: Instant Photo Gallery <= Multiple XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432241/100/0/threaded" + }, + { + "name": "20060425 Instant Photo Gallery <= Multiple XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432024/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2177.json b/2006/2xxx/CVE-2006-2177.json index f2f0467a351..b0543c899c5 100644 --- a/2006/2xxx/CVE-2006-2177.json +++ b/2006/2xxx/CVE-2006-2177.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060502 geoBlog Mutiple XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432720/100/0/threaded" - }, - { - "name" : "http://www.subjectzero.net/research/geoblog.htm", - "refsource" : "MISC", - "url" : "http://www.subjectzero.net/research/geoblog.htm" - }, - { - "name" : "17784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17784" - }, - { - "name" : "833", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/833" - }, - { - "name" : "geoblog-viewcat-xss(26204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "geoblog-viewcat-xss(26204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26204" + }, + { + "name": "17784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17784" + }, + { + "name": "http://www.subjectzero.net/research/geoblog.htm", + "refsource": "MISC", + "url": "http://www.subjectzero.net/research/geoblog.htm" + }, + { + "name": "20060502 geoBlog Mutiple XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432720/100/0/threaded" + }, + { + "name": "833", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/833" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2508.json b/2006/2xxx/CVE-2006-2508.json index 7dd7e5934a3..f139d1786ba 100644 --- a/2006/2xxx/CVE-2006-2508.json +++ b/2006/2xxx/CVE-2006-2508.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060519 Yourfreeworld Styleish Text Ads Script", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434527/100/0/threaded" - }, - { - "name" : "18044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18044" - }, - { - "name" : "ADV-2006-1897", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1897" - }, - { - "name" : "25691", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25691" - }, - { - "name" : "25692", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25692" - }, - { - "name" : "20213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20213" - }, - { - "name" : "931", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/931" - }, - { - "name" : "yourfreeworld-tr1-advertise-sql-injection(26569)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26569" - }, - { - "name" : "yourfreeworld-tr1-advertise-xss(26570)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25692", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25692" + }, + { + "name": "ADV-2006-1897", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1897" + }, + { + "name": "25691", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25691" + }, + { + "name": "20060519 Yourfreeworld Styleish Text Ads Script", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434527/100/0/threaded" + }, + { + "name": "yourfreeworld-tr1-advertise-sql-injection(26569)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26569" + }, + { + "name": "yourfreeworld-tr1-advertise-xss(26570)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26570" + }, + { + "name": "20213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20213" + }, + { + "name": "931", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/931" + }, + { + "name": "18044", + 
"refsource": "BID", + "url": "http://www.securityfocus.com/bid/18044" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2808.json b/2006/2xxx/CVE-2006-2808.json index 7595b610a04..65cdc4fa3de 100644 --- a/2006/2xxx/CVE-2006-2808.json +++ b/2006/2xxx/CVE-2006-2808.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra \"iframe\" tagname within that element, followed by a double \">\", which might bypass cleansing operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060527 html Guest Gear", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435220/100/0/threaded" - }, - { - "name" : "1036", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script 
or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra \"iframe\" tagname within that element, followed by a double \">\", which might bypass cleansing operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1036" + }, + { + "name": "20060527 html Guest Gear", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435220/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2929.json b/2006/2xxx/CVE-2006-2929.json index 6de3f072b9b..232e31b5606 100644 --- a/2006/2xxx/CVE-2006-2929.json +++ b/2006/2xxx/CVE-2006-2929.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1886", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1886" - }, - { - "name" : "ADV-2006-2196", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2196" - }, - { - "name" : "20505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20505" - }, - { - "name" : "openemr-fileroot-file-include(26984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion 
vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20505" + }, + { + "name": "1886", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1886" + }, + { + "name": "openemr-fileroot-file-include(26984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26984" + }, + { + "name": "ADV-2006-2196", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2196" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3409.json b/2006/3xxx/CVE-2006-3409.json index 05ec8cf361f..58cc977cd6d 100644 --- a/2006/3xxx/CVE-2006-3409.json +++ b/2006/3xxx/CVE-2006-3409.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tor.eff.org/cvs/tor/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://tor.eff.org/cvs/tor/ChangeLog" - }, - { - "name" : "GLSA-200606-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200606-04.xml" - }, - { - "name" : "18323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18323" - }, - { - "name" : "20277", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20277" - }, - { - "name" : "20514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20514" - }, - { - "name" : "tor-smartlists-bo(26795)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26795" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20277", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20277" + }, + { + "name": "18323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18323" + }, + { + "name": "20514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20514" + }, + { + "name": "GLSA-200606-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200606-04.xml" + }, + { + "name": "http://tor.eff.org/cvs/tor/ChangeLog", + "refsource": "CONFIRM", + "url": "http://tor.eff.org/cvs/tor/ChangeLog" + }, + { + "name": "tor-smartlists-bo(26795)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26795" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3463.json b/2006/3xxx/CVE-2006-3463.json index c5bb8dfc29f..4c5aea284ca 100644 --- a/2006/3xxx/CVE-2006-3463.json +++ b/2006/3xxx/CVE-2006-3463.json 
@@ -1,252 +1,252 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-3463",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2006-3463",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://issues.rpath.com/browse/RPL-558",
- "refsource" : "CONFIRM",
- "url" : "https://issues.rpath.com/browse/RPL-558"
- },
- {
- "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
- },
- {
- "name" : "DSA-1137",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2006/dsa-1137"
- },
- {
- "name" : "GLSA-200608-07",
- "refsource" : "GENTOO",
- "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
- },
- {
- "name" : "MDKSA-2006:136",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
- },
- {
- "name" : "MDKSA-2006:137",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
- },
- {
- "name" : "RHSA-2006:0603",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
- },
- {
- "name" : "RHSA-2006:0648",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
- },
- {
- "name" : "20060801-01-P",
- "refsource" : "SGI",
- "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
- },
- {
- "name" : "20060901-01-P",
- "refsource" : "SGI",
- "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
- },
- {
- "name" : "SSA:2006-230-01",
- "refsource" : "SLACKWARE",
- "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600"
- },
- {
- "name" : "103160",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
- },
- {
- "name" : "201331",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
- },
- {
- "name" : "SUSE-SA:2006:044",
- "refsource" : "SUSE",
- "url" : "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
- },
- {
- "name" : "2006-0044",
- "refsource" : "TRUSTIX",
- "url" : "http://lwn.net/Alerts/194228/"
- },
- {
- "name" : "USN-330-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-330-1"
- },
- {
- "name" : "19284",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/19284"
- },
- {
- "name" : "oval:org.mitre.oval:def:10639",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639"
- },
- {
- "name" : "ADV-2006-3105",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/3105"
- },
- {
- "name" : "ADV-2007-3486",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2007/3486"
- },
- {
- "name" : "ADV-2007-4034",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2007/4034"
- },
- {
- "name" : "1016628",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016628"
- },
- {
- "name" : "21370",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21370"
- },
- {
- "name" : "21274",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21274"
- },
- {
- "name" : "21290",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21290"
- },
- {
- "name" : "21334",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21334"
- },
- {
- "name" : "21392",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21392"
- },
- {
- "name" : "21501",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21501"
- },
- {
- "name" : "21537",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21537"
- },
- {
- "name" : "21632",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21632"
- },
- {
- "name" : "21598",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21598"
- },
- {
- "name" : "22036",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/22036"
- },
- {
- "name" : "21304",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21304"
- },
- {
- "name" : "21319",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21319"
- },
- {
- "name" : "21338",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21338"
- },
- {
- "name" : "21346",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21346"
- },
- {
- "name" : "27181",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/27181"
- },
- {
- "name" : "27222",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/27222"
- },
- {
- "name" : "27832",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/27832"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20060801-01-P",
+ "refsource": "SGI",
+ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
+ },
+ {
+ "name": "ADV-2007-3486",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2007/3486"
+ },
+ {
+ "name": "21501",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21501"
+ },
+ {
+ "name": "MDKSA-2006:136",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
+ },
+ {
+ "name": "21537",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21537"
+ },
+ {
+ "name": "21632",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21632"
+ },
+ {
+ "name": "GLSA-200608-07",
+ "refsource": "GENTOO",
+ "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
+ },
+ {
+ "name": "21338",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21338"
+ },
+ {
+ "name": "USN-330-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-330-1"
+ },
+ {
+ "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
+ },
+ {
+ "name": "1016628",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016628"
+ },
+ {
+ "name": "DSA-1137",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2006/dsa-1137"
+ },
+ {
+ "name": "21370",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21370"
+ },
+ {
+ "name": "21598",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21598"
+ },
+ {
+ "name": "RHSA-2006:0648",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
+ },
+ {
+ "name": "MDKSA-2006:137",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
+ },
+ {
+ "name": "27222",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/27222"
+ },
+ {
+ "name": "ADV-2007-4034",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2007/4034"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:10639",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639"
+ },
+ {
+ "name": "SUSE-SA:2006:044",
+ "refsource": "SUSE",
+ "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
+ },
+ {
+ "name": "21290",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21290"
+ },
+ {
+ "name": "21274",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21274"
+ },
+ {
+ "name": "ADV-2006-3105",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/3105"
+ },
+ {
+ "name": "27181",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/27181"
+ },
+ {
+ "name": "RHSA-2006:0603",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
+ },
+ {
+ "name": "20060901-01-P",
+ "refsource": "SGI",
+ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
+ },
+ {
+ "name": "21304",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21304"
+ },
+ {
+ "name": "SSA:2006-230-01",
+ "refsource": "SLACKWARE",
+ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600"
+ },
+ {
+ "name": "https://issues.rpath.com/browse/RPL-558",
+ "refsource": "CONFIRM",
+ "url": "https://issues.rpath.com/browse/RPL-558"
+ },
+ {
+ "name": "27832",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/27832"
+ },
+ {
+ "name": "21346",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21346"
+ },
+ {
+ "name": "201331",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
+ },
+ {
+ "name": "19284",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/19284"
+ },
+ {
+ "name": "21319",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21319"
+ },
+ {
+ "name": "21392",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21392"
+ },
+ {
+ "name": "21334",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21334"
+ },
+ {
+ "name": "22036",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/22036"
+ },
+ {
+ "name": "2006-0044",
+ "refsource": "TRUSTIX",
+ "url": "http://lwn.net/Alerts/194228/"
+ },
+ {
+ "name": "103160",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/6xxx/CVE-2006-6410.json b/2006/6xxx/CVE-2006-6410.json
index 2ae64449680..303cf3d66a0 100644
--- a/2006/6xxx/CVE-2006-6410.json
+++ b/2006/6xxx/CVE-2006-6410.json
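Review bot: The `ASSIGNER` value in the CVE-2006-3463.json hunk changes from `cve@mitre.org` to `secalert@redhat.com`, yet every other changed line in that hunk is re-indentation, `" : "` to `": "` spacing, or a reordering of `reference_data`; the CVE-2006-6489.json hunk has the same kind of change (`cert@cert.org`). Consumers that attribute a record to its CNA through this field will see the provenance change with nothing in the diff to set it apart, so the assigner updates would be easier to audit in a commit of their own or named in the commit message. The reference reordering means the old and new lists cannot be compared by eye; keeping `reference_data` in a stable order would let a reviewer confirm that no reference was dropped or altered. The new side of each file also ends with `\ No newline at end of file`, which is worth restoring if it was not intended.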
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-6410",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-6410",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20061126 VMware 5.5.1 Local Buffer Overflow (HTML Exploit)",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/452746/100/100/threaded"
- },
- {
- "name" : "20061127 Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit)",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/452775/100/100/threaded"
- },
- {
- "name" : "2264",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/2264"
- },
- {
- "name" : "http://www.open-security.org/advisories/17",
- "refsource" : "MISC",
- "url" : "http://www.open-security.org/advisories/17"
- },
- {
- "name" : "19732",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/19732"
- },
- {
- "name" : "2008",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/2008"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.open-security.org/advisories/17",
+ "refsource": "MISC",
+ "url": "http://www.open-security.org/advisories/17"
+ },
+ {
+ "name": "20061127 Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit)",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/452775/100/100/threaded"
+ },
+ {
+ "name": "2264",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/2264"
+ },
+ {
+ "name": "19732",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/19732"
+ },
+ {
+ "name": "2008",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/2008"
+ },
+ {
+ "name": "20061126 VMware 5.5.1 Local Buffer Overflow (HTML Exploit)",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/452746/100/100/threaded"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/6xxx/CVE-2006-6489.json b/2006/6xxx/CVE-2006-6489.json
index 586ed7280af..99c03378694 100644
--- a/2006/6xxx/CVE-2006-6489.json
+++ b/2006/6xxx/CVE-2006-6489.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-6489",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2006-6489",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.kb.cert.org/vuls/id/MIMG-6TUHTT",
- "refsource" : "MISC",
- "url" : "http://www.kb.cert.org/vuls/id/MIMG-6TUHTT"
- },
- {
- "name" : "VU#145825",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/145825"
- },
- {
- "name" : "22095",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/22095"
- },
- {
- "name" : "ADV-2007-0237",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2007/0237"
- },
- {
- "name" : "32924",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/32924"
- },
- {
- "name" : "23819",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/23819"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "22095",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/22095"
+ },
+ {
+ "name": "23819",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/23819"
+ },
+ {
+ "name": "32924",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/32924"
+ },
+ {
+ "name": "VU#145825",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/145825"
+ },
+ {
+ "name": "ADV-2007-0237",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2007/0237"
+ },
+ {
+ "name": "http://www.kb.cert.org/vuls/id/MIMG-6TUHTT",
+ "refsource": "MISC",
+ "url": "http://www.kb.cert.org/vuls/id/MIMG-6TUHTT"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/7xxx/CVE-2006-7126.json b/2006/7xxx/CVE-2006-7126.json
index 485c1ee7c26..e8d295c890c 100644
--- a/2006/7xxx/CVE-2006-7126.json
+++ b/2006/7xxx/CVE-2006-7126.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-7126",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-7126",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20061018 Secunia Research: Joomla BSQ Sitestats Script Insertion and SQLInjection",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/449125/100/0/threaded"
- },
- {
- "name" : "http://secunia.com/secunia_research/2006-65/advisory/",
- "refsource" : "MISC",
- "url" : "http://secunia.com/secunia_research/2006-65/advisory/"
- },
- {
- "name" : "http://developer.joomla.org/sf/sfmain/do/viewProject/projects.bsq_sitestats",
- "refsource" : "CONFIRM",
- "url" : "http://developer.joomla.org/sf/sfmain/do/viewProject/projects.bsq_sitestats"
- },
- {
- "name" : "20614",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/20614"
- },
- {
- "name" : "ADV-2006-4090",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/4090"
- },
- {
- "name" : "bsq-sitestats-uri-sql-injection(29662)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29662"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ADV-2006-4090",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/4090"
+ },
+ {
+ "name": "20614",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/20614"
+ },
+ {
+ "name": "20061018 Secunia Research: Joomla BSQ Sitestats Script Insertion and SQLInjection",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/449125/100/0/threaded"
+ },
+ {
+ "name": "bsq-sitestats-uri-sql-injection(29662)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29662"
+ },
+ {
+ "name": "http://developer.joomla.org/sf/sfmain/do/viewProject/projects.bsq_sitestats",
+ "refsource": "CONFIRM",
+ "url": "http://developer.joomla.org/sf/sfmain/do/viewProject/projects.bsq_sitestats"
+ },
+ {
+ "name": "http://secunia.com/secunia_research/2006-65/advisory/",
+ "refsource": "MISC",
+ "url": "http://secunia.com/secunia_research/2006-65/advisory/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0636.json b/2011/0xxx/CVE-2011-0636.json
index f4b9c0308d4..e3d5a618619 100644
--- a/2011/0xxx/CVE-2011-0636.json
+++ b/2011/0xxx/CVE-2011-0636.json
@@ -1,117 +1,117 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-0636",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write operations."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-0636",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20110107 CUDA drivers/Linux security hole",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/515591/100/0/threaded"
- },
- {
- "name" : "20110201 fix for Nvidia CUDA drivers security breach",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/516121/100/0/threaded"
- },
- {
- "name" : "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm",
- "refsource" : "MISC",
- "url" : "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm"
- },
- {
- "name" : "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm",
- "refsource" : "MISC",
- "url" : "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm"
- },
- {
- "name" : "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htm",
- "refsource" : "MISC",
- "url" : "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htm"
- },
- {
- "name" : "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htm",
- "refsource" : "MISC",
- "url" : "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htm"
- },
- {
- "name" : "http://forums.nvidia.com/index.php?showtopic=190303",
- "refsource" : "CONFIRM",
- "url" : "http://forums.nvidia.com/index.php?showtopic=190303"
- },
- {
- "name" : "45717",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/45717"
- },
- {
- "name" : "70420",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/70420"
- },
- {
- "name" : "1024962",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1024962"
- },
- {
- "name" : "42859",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/42859"
- },
- {
- "name" : "cuda-toolkit-cudahostalloc-info-disc(64710)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64710"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write operations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "45717",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/45717"
+ },
+ {
+ "name": "cuda-toolkit-cudahostalloc-info-disc(64710)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64710"
+ },
+ {
+ "name": "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm",
+ "refsource": "MISC",
+ "url": "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm"
+ },
+ {
+ "name": "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htm",
+ "refsource": "MISC",
+ "url": "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htm"
+ },
+ {
+ "name": "70420",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/70420"
+ },
+ {
+ "name": "20110107 CUDA drivers/Linux security hole",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/515591/100/0/threaded"
+ },
+ {
+ "name": "42859",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/42859"
+ },
+ {
+ "name": "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htm",
+ "refsource": "MISC",
+ "url": "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htm"
+ },
+ {
+ "name": "1024962",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1024962"
+ },
+ {
+ "name": "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm",
+ "refsource": "MISC",
+ "url": "http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm"
+ },
+ {
+ "name": "20110201 fix for Nvidia CUDA drivers security breach",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/516121/100/0/threaded"
+ },
+ {
+ "name": "http://forums.nvidia.com/index.php?showtopic=190303",
+ "refsource": "CONFIRM",
+ "url": "http://forums.nvidia.com/index.php?showtopic=190303"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0928.json b/2011/0xxx/CVE-2011-0928.json
index aa3918e4145..cab903ba098 100644
--- a/2011/0xxx/CVE-2011-0928.json
+++ b/2011/0xxx/CVE-2011-0928.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-0928",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-0928",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/1xxx/CVE-2011-1471.json b/2011/1xxx/CVE-2011-1471.json
index d71d164edf8..8bb4dc34a1c 100644
--- a/2011/1xxx/CVE-2011-1471.json
+++ b/2011/1xxx/CVE-2011-1471.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.php.net/bug.php?id=49072", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=49072" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "DSA-2266", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2266" - }, - { - "name" : 
"MDVSA-2011:052", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:052" - }, - { - "name" : "MDVSA-2011:053", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:053" - }, - { - "name" : "RHSA-2011:1423", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1423.html" - }, - { - "name" : "46975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46975" - }, - { - "name" : "ADV-2011-0744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46975" + }, + { + "name": "MDVSA-2011:053", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:053" + }, + { + "name": "DSA-2266", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2266" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "RHSA-2011:1423", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html" + }, + { + "name": "MDVSA-2011:052", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:052" + }, + { + "name": "ADV-2011-0744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0744" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "http://bugs.php.net/bug.php?id=49072", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=49072" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2357.json b/2011/2xxx/CVE-2011-2357.json index 881a30276e0..1e79281cdbc 100644 --- a/2011/2xxx/CVE-2011-2357.json +++ b/2011/2xxx/CVE-2011-2357.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519146/100/0/threaded" - }, - { - "name" : "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Aug/9" - }, - { - "name" : "http://blog.watchfire.com/files/advisory-android-browser.pdf", - "refsource" : "MISC", - "url" : "http://blog.watchfire.com/files/advisory-android-browser.pdf" - }, - { - "name" : "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html", - "refsource" : "MISC", - "url" : "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html" - }, - { - "name" : "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/", - "refsource" : "MISC", - "url" : "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/" - }, - { - "name" : "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf", - "refsource" : "MISC", - "url" : "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf" - }, - { - "name" : "http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17", - "refsource" : "CONFIRM", - "url" : "http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17" - }, - { 
- "name" : "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b", - "refsource" : "CONFIRM", - "url" : "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b" - }, - { - "name" : "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e", - "refsource" : "CONFIRM", - "url" : "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e" - }, - { - "name" : "48954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48954" - }, - { - "name" : "74260", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74260" - }, - { - "name" : "1025881", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025881" - }, - { - "name" : "45457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45457" - }, - { - "name" : "8335", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8335" - }, - { - "name" : "android-sandbox-cas(68937)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74260", + "refsource": "OSVDB", + "url": "http://osvdb.org/74260" + }, + { + "name": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b", + "refsource": "CONFIRM", + "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b" + }, + { + "name": "http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17", + "refsource": "CONFIRM", + "url": "http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17" + }, + { + "name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519146/100/0/threaded" + }, + { + "name": "45457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45457" + }, + { + "name": "android-sandbox-cas(68937)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68937" + }, + { + "name": "48954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48954" + }, + { + "name": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e", + "refsource": "CONFIRM", + "url": "http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;%20a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e" + }, + { + "name": "http://blog.watchfire.com/files/advisory-android-browser.pdf", + "refsource": "MISC", + "url": "http://blog.watchfire.com/files/advisory-android-browser.pdf" + }, + { + "name": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf", + "refsource": "MISC", + "url": 
"http://www.infsec.cs.uni-saarland.de/projects/android-vuln/android_xss.pdf" + }, + { + "name": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/", + "refsource": "MISC", + "url": "http://www.infsec.cs.uni-saarland.de/projects/android-vuln/" + }, + { + "name": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html", + "refsource": "MISC", + "url": "http://blog.watchfire.com/wfblog/2011/08/android-browser-cross-application-scripting-cve-2011-2357.html" + }, + { + "name": "20110802 Android Browser Cross-Application Scripting (CVE-2011-2357)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Aug/9" + }, + { + "name": "1025881", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025881" + }, + { + "name": "8335", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8335" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2985.json b/2011/2xxx/CVE-2011-2985.json index 8f5bd3070ad..57dce7e290c 100644 --- a/2011/2xxx/CVE-2011-2985.json +++ b/2011/2xxx/CVE-2011-2985.json 
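Review bot: The `CVE_data_meta` block of this hunk changes the record's assigner from `"ASSIGNER" : "cve@mitre.org"` to `"ASSIGNER": "security@google.com"`, which is a provenance change, not part of the key-spacing and reference-order normalisation that makes up the rest of the diff. The CVE-2011-3186 hunk further down does the same with `"ASSIGNER": "secalert@redhat.com"`. Anything that filters, attributes or trusts records by assigner will see these two entries move to a different CNA, so the reassignment belongs in its own commit, or at least needs an explicit line in the commit message (not visible here), so that it is not lost among the whitespace-only changes. Separately, every file on the new side ends with `\ No newline at end of file`, and the `reference_data` entries are reshuffled into no apparent sorted order. A stable reference order and a trailing newline would keep later regenerations from producing the same churn and make real data changes like this one easier to spot.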
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=646825", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=646825" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=648206", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=648206" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=650273", - "refsource" : "CONFIRM", - 
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=650273" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=650275", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=650275" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=650732", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=650732" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=651030", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=651030" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660517", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660517" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=662132", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=662132" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665518", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665518" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=667092", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=667092" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=667315", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=667315" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=667512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=667512" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=668245", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=668245" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=669584", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=669584" - }, - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html", - "refsource" : 
"CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html" - }, - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html" - }, - { - "name" : "SUSE-SA:2011:037", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" - }, - { - "name" : "oval:org.mitre.oval:def:14440", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14440" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=650273", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=650273" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=650732", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=650732" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=665518", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665518" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=667315", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=667315" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=651030", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=651030" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=646825", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=646825" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=662132", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=662132" + }, + { + "name": "oval:org.mitre.oval:def:14440", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14440" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=667092", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=667092" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=668245", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=668245" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=648206", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=648206" + }, + { + "name": "SUSE-SA:2011:037", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=650275", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=650275" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=667512", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=667512" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=669584", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=669584" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=660517", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=660517" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3015.json b/2011/3xxx/CVE-2011-3015.json index 62df0a320c7..5fad8ac7337 100644 --- a/2011/3xxx/CVE-2011-3015.json +++ b/2011/3xxx/CVE-2011-3015.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=105803", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=105803" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14690", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14690" - }, - { - "name" : "48016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=105803", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=105803" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html" + }, + { + "name": "48016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48016" + }, + { + "name": "oval:org.mitre.oval:def:14690", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14690" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3186.json b/2011/3xxx/CVE-2011-3186.json index 3ebad7ce3cd..fd7b545d277 100644 --- a/2011/3xxx/CVE-2011-3186.json +++ b/2011/3xxx/CVE-2011-3186.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110817 CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/17/1" - }, - { - "name" : "[oss-security] 20110819 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/19/11" - }, - { - "name" : "[oss-security] 20110820 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/20/1" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2011/08/22/14" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/13" - }, - { - "name" : "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/5" - }, - { - "name" : "[rubyonrails-security] 20110816 Response Splitting Vulnerability in Ruby on Rails", - "refsource" : "MLIST", - "url" : "http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=732156", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=732156" - }, - { - "name" : "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9", - "refsource" : "CONFIRM", - "url" : "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9" - }, - { - "name" : "DSA-2301", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2301" - }, - { - "name" : "FEDORA-2011-11567", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html" - }, - { - "name" : "45921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110817 CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=732156", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732156" + }, + { + "name": "FEDORA-2011-11567", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html" + }, + { + "name": "[oss-security] 20110819 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" + }, + { + "name": "DSA-2301", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2301" + }, + { + "name": "45921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45921" + }, + { + "name": "[oss-security] 20110820 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" + }, + { + "name": "[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" + }, + { + "name": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9", + "refsource": "CONFIRM", + "url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9" + }, + 
{ + "name": "[rubyonrails-security] 20110816 Response Splitting Vulnerability in Ruby on Rails", + "refsource": "MLIST", + "url": "http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3425.json b/2011/3xxx/CVE-2011-3425.json index 463a7e0a0fb..b7fb2a1eb94 100644 --- a/2011/3xxx/CVE-2011-3425.json +++ b/2011/3xxx/CVE-2011-3425.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3425", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3425", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3696.json b/2011/3xxx/CVE-2011-3696.json index 6cc6c4f6219..76b3d90017c 100644 --- a/2011/3xxx/CVE-2011-3696.json +++ b/2011/3xxx/CVE-2011-3696.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "60cycleCMS 2.5.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by post.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/60cycleCMS.2.5.2", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/60cycleCMS.2.5.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "60cycleCMS 2.5.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by post.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/60cycleCMS.2.5.2", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/60cycleCMS.2.5.2" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3876.json b/2011/3xxx/CVE-2011-3876.json index 98d9e5e9619..7ced81bf8ec 100644 --- a/2011/3xxx/CVE-2011-3876.json +++ b/2011/3xxx/CVE-2011-3876.json 
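Review bot: The new side of this file ends at the closing `}` with no final newline (the `\ No newline at end of file` marker follows `+}` only), whereas the old side appears to have ended with one. The serializer should write `}` followed by a single newline so that line-oriented tools and later diffs do not flag the last line. The same applies to every other hunk in this part of the diff. Separately, `reference_data` holds the same three entries as before with the two MISC URLs swapped, which suggests the writer does not emit references in a stable order. Sorting on a fixed key (for example `refsource`, then `name`) would keep untouched records out of future diffs.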
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=90217", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=90217" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" - }, - { - "name" : "oval:org.mitre.oval:def:13042", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13042" - }, - { - "name" : "chrome-whitespace-security-bypass(70954)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70954" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chrome-whitespace-security-bypass(70954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70954" + }, + { + "name": "oval:org.mitre.oval:def:13042", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13042" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=90217", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=90217" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3904.json b/2011/3xxx/CVE-2011-3904.json index 3bbc3bb6c72..ceb57255f57 100644 --- a/2011/3xxx/CVE-2011-3904.json +++ b/2011/3xxx/CVE-2011-3904.json 
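Review bot: The `ASSIGNER` line changes value, from `"cve@mitre.org"` to `"security@google.com"`, in a hunk where every other changed line is a re-spacing of `"key" : value` or a reordering of `reference_data`, so the one change to the record's provenance is easy to overlook. If the re-attribution is intended, it would be easier to audit as its own commit, with this formatting pass leaving the line as `"ASSIGNER": "cve@mitre.org",`. The hunks for CVE-2011-3904 (`security@google.com`), CVE-2011-4617 (`secalert@redhat.com`), CVE-2011-4889 (`psirt@us.ibm.com`), CVE-2013-5540 (`psirt@cisco.com`) and CVE-2013-5592 (`security@mozilla.org`) do the same. In each of them `vendor_name` and `product_name` remain `"n/a"`, so consumers that attribute a record by `ASSIGNER` should not assume the affected-product fields were updated with it.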
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=107258", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=107258" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=66015", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=66015" - }, - { - "name" : "oval:org.mitre.oval:def:14494", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=66015", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=66015" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=107258", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=107258" + }, + { + "name": "oval:org.mitre.oval:def:14494", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14494" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4617.json b/2011/4xxx/CVE-2011-4617.json index 28099fd7bbd..7270885b529 100644 --- a/2011/4xxx/CVE-2011-4617.json +++ b/2011/4xxx/CVE-2011-4617.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111219 CVE id request: python-virtualenv", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/12/19/2" - }, - { - "name" : "[oss-security] 20111219 Re: CVE id request: python-virtualenv", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/12/19/4" - }, - { - "name" : "[oss-security] 20111219 Re: CVE id request: python-virtualenv", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/12/19/5" - }, - { - "name" : "https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5", - "refsource" : "CONFIRM", - "url" : "https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5" - }, - { - "name" : "FEDORA-2011-17289", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.html" - }, - { - "name" : "FEDORA-2011-17341", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.html" - }, - { - "name" : "47240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47240" + }, + { + "name": "https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5", + "refsource": "CONFIRM", + "url": "https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5" + }, + { + "name": "[oss-security] 20111219 Re: CVE id request: python-virtualenv", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/12/19/4" + }, + { + "name": "[oss-security] 20111219 CVE id request: python-virtualenv", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/12/19/2" + }, + { + "name": "FEDORA-2011-17289", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.html" + }, + { + "name": "FEDORA-2011-17341", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.html" + }, + { + "name": "[oss-security] 20111219 Re: CVE id request: python-virtualenv", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/12/19/5" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/4xxx/CVE-2011-4838.json b/2011/4xxx/CVE-2011-4838.json
index 217803d1013..dabdcbbb9ed 100644
--- a/2011/4xxx/CVE-2011-4838.json
+++ b/2011/4xxx/CVE-2011-4838.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" - }, - { - "name" : "http://www.nruns.com/_downloads/advisory28122011.pdf", - "refsource" : "MISC", - "url" : "http://www.nruns.com/_downloads/advisory28122011.pdf" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2011-003.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2011-003.html" - }, - { - "name" : "http://jruby.org/2011/12/27/jruby-1-6-5-1.html", - "refsource" : "CONFIRM", - "url" : 
"http://jruby.org/2011/12/27/jruby-1-6-5-1.html" - }, - { - "name" : "GLSA-201207-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201207-06.xml" - }, - { - "name" : "RHSA-2012:1232", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1232.html" - }, - { - "name" : "VU#903934", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/903934" - }, - { - "name" : "47407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47407" - }, - { - "name" : "50084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50084" - }, - { - "name" : "jruby-hash-dos(72019)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nruns.com/_downloads/advisory28122011.pdf", + "refsource": "MISC", + "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" + }, + { + "name": "jruby-hash-dos(72019)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72019" + }, + { + "name": "http://jruby.org/2011/12/27/jruby-1-6-5-1.html", + "refsource": "CONFIRM", + "url": "http://jruby.org/2011/12/27/jruby-1-6-5-1.html" + }, + { + "name": "50084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50084" + }, + { + "name": "47407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47407" + }, + { + "name": "VU#903934", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/903934" + }, + { + "name": "RHSA-2012:1232", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" + }, + { + "name": "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" + }, + { + "name": "GLSA-201207-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201207-06.xml" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2011-003.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2011-003.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4889.json b/2011/4xxx/CVE-2011-4889.json index d47dc1eff54..f8c6e726767 100644 --- a/2011/4xxx/CVE-2011-4889.json +++ b/2011/4xxx/CVE-2011-4889.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2011-4889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21587015", - "refsource" : "CONFIRM", - "url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21587015" - }, - { - "name" : "was-vmm-weak-security(72581)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www-304.ibm.com/support/docview.wss?uid=swg21587015", + "refsource": "CONFIRM", + "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21587015" + }, + { + "name": "was-vmm-weak-security(72581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72581" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4938.json b/2011/4xxx/CVE-2011-4938.json index 7621e8093c1..7f22cfed613 100644 --- a/2011/4xxx/CVE-2011-4938.json +++ b/2011/4xxx/CVE-2011-4938.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-4938",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-4938",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/1xxx/CVE-2013-1088.json b/2013/1xxx/CVE-2013-1088.json
index 87fcd521972..100a8914006 100644
--- a/2013/1xxx/CVE-2013-1088.json
+++ b/2013/1xxx/CVE-2013-1088.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7010166", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7010166" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=726260", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=726260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging 
improper request validation by iManager code deployed within an Apache Tomcat container." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/kb/doc.php?id=7010166", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7010166" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=726260", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=726260" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5540.json b/2013/5xxx/CVE-2013-5540.json index 647fd1189b4..5ad624faa55 100644 --- a/2013/5xxx/CVE-2013-5540.json +++ b/2013/5xxx/CVE-2013-5540.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131015 Cisco Identity Services Engine File Space Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131015 Cisco Identity Services Engine File Space Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5540" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5592.json b/2013/5xxx/CVE-2013-5592.json index 935b0b6e1be..4c81b95d4e4 100644 --- a/2013/5xxx/CVE-2013-5592.json +++ b/2013/5xxx/CVE-2013-5592.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-5592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=880544", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=880544" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=886102", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=886102" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=887921", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=887921" - }, - { - 
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=912534", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=912534" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2013:1634", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html" - }, - { - "name" : "openSUSE-SU-2013:1633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:19148", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=912534", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=912534" + }, + { + "name": "oval:org.mitre.oval:def:19148", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19148" + }, + { + "name": "openSUSE-SU-2013:1633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=880544", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=880544" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html" + }, + { + "name": "openSUSE-SU-2013:1634", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=887921", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=887921" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=886102", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=886102" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5703.json b/2013/5xxx/CVE-2013-5703.json index ef160cfa2b1..89b0b847e18 100644 --- a/2013/5xxx/CVE-2013-5703.json +++ b/2013/5xxx/CVE-2013-5703.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-5703",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-5703",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "VU#101462",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/101462"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#101462",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/101462"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/5xxx/CVE-2013-5962.json b/2013/5xxx/CVE-2013-5962.json
index 3c8b55c703c..8a11ab28193 100644
--- a/2013/5xxx/CVE-2013-5962.json
+++ b/2013/5xxx/CVE-2013-5962.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130918 Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0090.html" - }, - { - "name" : "28377", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/28377" - }, - { - "name" : "http://packetstormsecurity.com/files/123303", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123303" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=1080", - "refsource" : "MISC", - "url" : 
"http://www.vulnerability-lab.com/get_content.php?id=1080" - }, - { - "name" : "http://codecanyon.net/item/complete-gallery-manager-for-wordpress/2418606", - "refsource" : "CONFIRM", - "url" : "http://codecanyon.net/item/complete-gallery-manager-for-wordpress/2418606" - }, - { - "name" : "54894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54894" - }, - { - "name" : "completegallery-uploadimages-file-upload(87172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/123303", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123303" + }, + { + "name": "http://codecanyon.net/item/complete-gallery-manager-for-wordpress/2418606", + "refsource": "CONFIRM", + "url": "http://codecanyon.net/item/complete-gallery-manager-for-wordpress/2418606" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=1080", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=1080" + }, + { + "name": "28377", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/28377" + }, + { + "name": "completegallery-uploadimages-file-upload(87172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87172" + }, + { + "name": "20130918 Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0090.html" + }, + { + "name": "54894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54894" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2150.json b/2014/2xxx/CVE-2014-2150.json index cb4db07448a..271dadaf8c6 100644 --- a/2014/2xxx/CVE-2014-2150.json +++ b/2014/2xxx/CVE-2014-2150.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-2150",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-2150",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/2xxx/CVE-2014-2527.json b/2014/2xxx/CVE-2014-2527.json
index 3639d03dbe1..f56995adb45 100644
--- a/2014/2xxx/CVE-2014-2527.json
+++ b/2014/2xxx/CVE-2014-2527.json
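Review bot: The rewritten REJECT record is serialized in a different key order from the rest of this change: `data_type`, `data_format`, `data_version` come first and `ID` precedes `ASSIGNER`, whereas the PUBLIC and RESERVED records visible here keep `CVE_data_meta` first with its keys in alphabetical order. CVE-2014-7482 shows the same layout. Key order carries no meaning in JSON, but two layouts in one repository suggest two different writers, and anything that diffs or hashes the files byte-for-byte will see churn each time a record moves between them. I would run the REJECT records through the same serializer settings as the others so that `"CVE_data_meta"` stays the first key.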
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a \" (double quote) character in the directory name, a different vulnerability than CVE-2014-2528." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140317 CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/17/2" - }, - { - "name" : "[oss-security] 20140318 Re: CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/18/2" - }, - { - "name" : "https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp", - "refsource" : "CONFIRM", - "url" : 
"https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741659", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741659" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1077059", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1077059" - }, - { - "name" : "openSUSE-SU-2014:0984", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00015.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a \" (double quote) character in the directory name, a different vulnerability than CVE-2014-2528." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp", + "refsource": "CONFIRM", + "url": "https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp" + }, + { + "name": "openSUSE-SU-2014:0984", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00015.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1077059", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077059" + }, + { + "name": "[oss-security] 20140317 CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/17/2" + }, + { + "name": "[oss-security] 20140318 Re: CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/18/2" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741659", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741659" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2671.json b/2014/2xxx/CVE-2014-2671.json index b079af71332..a8ed6eba037 100644 --- a/2014/2xxx/CVE-2014-2671.json +++ b/2014/2xxx/CVE-2014-2671.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32477", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32477/" - }, - { - "name" : "http://packetstormsecurity.com/files/125834", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125834" - }, - { - "name" : "66403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66403" - }, - { - "name" : "ms-media-player-wav-code-exec(92080)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote 
attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ms-media-player-wav-code-exec(92080)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92080" + }, + { + "name": "http://packetstormsecurity.com/files/125834", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125834" + }, + { + "name": "32477", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32477/" + }, + { + "name": "66403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66403" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6157.json b/2014/6xxx/CVE-2014-6157.json index 91af4972560..8ef6f6e7766 100644 --- a/2014/6xxx/CVE-2014-6157.json +++ b/2014/6xxx/CVE-2014-6157.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-6157",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-6157",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/6xxx/CVE-2014-6563.json b/2014/6xxx/CVE-2014-6563.json
index 2ee7a32d17e..470c3246da6 100644
--- a/2014/6xxx/CVE-2014-6563.json
+++ b/2014/6xxx/CVE-2014-6563.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6538." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users 
to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6538." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70465" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7482.json b/2014/7xxx/CVE-2014-7482.json index 0a3eb8c953c..bbfc49d54ac 100644 --- a/2014/7xxx/CVE-2014-7482.json +++ b/2014/7xxx/CVE-2014-7482.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7482", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7482", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0195.json b/2017/0xxx/CVE-2017-0195.json index f956223fad7..ea8b9be7067 100644 --- a/2017/0xxx/CVE-2017-0195.json +++ b/2017/0xxx/CVE-2017-0195.json 
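Review bot: In CVE-2014-6563.json the `ASSIGNER` value changes from `cve@mitre.org` to `secalert_us@oracle.com` inside a hunk that is otherwise only whitespace and reference reordering, so the one field that records which CNA owns the entry changes where a reviewer is least likely to see it. The same pattern appears in CVE-2017-0533 and CVE-2017-0841 (`security@google.com` becomes `security@android.com`), and the visible part of CVE-2017-1000083 changes the field as well. Attribution changes are worth a commit of their own, or at least an explicit list in the commit message if it does not already carry one, because tooling that groups or filters records by assigner will read a different value after this change. Separating them from the reformat would also let the formatting commit be verified mechanically as a no-op on the parsed data.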
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Office", - "version" : { - "version_data" : [ - { - "version_value" : "Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1, and Office Online Server" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka \"Microsoft Office XSS Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Office", + "version": { + "version_data": [ + { + "version_value": "Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1, and Office Online Server" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : 
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195" - }, - { - "name" : "97417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka \"Microsoft Office XSS Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97417" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0533.json b/2017/0xxx/CVE-2017-0533.json index 8da7584e77b..170f4763516 100644 --- a/2017/0xxx/CVE-2017-0533.json +++ b/2017/0xxx/CVE-2017-0533.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32509422. References: QC-CR#1088206." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" - }, - { - "name" : "96734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96734" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32509422. References: QC-CR#1088206." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96734" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0841.json b/2017/0xxx/CVE-2017-0841.json index 0c14bbd2bb6..1af2628cc1b 100644 --- a/2017/0xxx/CVE-2017-0841.json +++ b/2017/0xxx/CVE-2017-0841.json 
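Review bot: The new side of CVE-2017-0533.json ends with `}` followed by `\ No newline at end of file`, while the removed `}` carries no such marker, so the rewrite drops the final newline the file previously had. Every other file in the visible part of this change shows the same marker. Having the serializer write a newline after the closing `}` keeps the records friendly to line-based tools and avoids a spurious last-line change the next time a different writer touches them.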
@@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-11-01" - }, - { - "name" : "101718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-11-01" + }, + { + "name": "101718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101718" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000083.json b/2017/1000xxx/CVE-2017-1000083.json index fc4136fe3d9..a6700e4963a 100644 --- a/2017/1000xxx/CVE-2017-1000083.json +++ b/2017/1000xxx/CVE-2017-1000083.json 
@@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-07-10", - "ID" : "CVE-2017-1000083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GNOME Evince before 3.24.1", - "version" : { - "version_data" : [ - { - "version_value" : "GNOME Evince before 3.24.1" - } - ] - } - } - ] - }, - "vendor_name" : "GNOME" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a \"--\" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-07-10", + "ID": "CVE-2017-1000083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45824", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45824/" - }, - { - "name" : "46341", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46341/" - }, - { - "name" : "http://seclists.org/oss-sec/2017/q3/128", - "refsource" : "MISC", - "url" : "http://seclists.org/oss-sec/2017/q3/128" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=784630", - 
"refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=784630" - }, - { - "name" : "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee", - "refsource" : "MISC", - "url" : "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee" - }, - { - "name" : "DSA-3911", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3911" - }, - { - "name" : "RHSA-2017:2388", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2388" - }, - { - "name" : "99597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a \"--\" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46341", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46341/" + }, + { + "name": "http://seclists.org/oss-sec/2017/q3/128", + "refsource": "MISC", + "url": "http://seclists.org/oss-sec/2017/q3/128" + }, + { + "name": "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee", + "refsource": "MISC", + "url": "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=784630", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784630" + }, + { + "name": "99597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99597" + }, + { + "name": "RHSA-2017:2388", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2388" + }, + { + "name": "DSA-3911", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3911" + }, + { + "name": "45824", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45824/" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18119.json b/2017/18xxx/CVE-2017-18119.json index d66a53222a7..6f929e05ad6 100644 --- a/2017/18xxx/CVE-2017-18119.json +++ b/2017/18xxx/CVE-2017-18119.json 
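Review bot: The new side of CVE-2017-1000083 replaces populated fields with placeholders: `product_name` and `version_value` go from `GNOME Evince before 3.24.1` to `n/a`, `vendor_name` from `GNOME` to `n/a`, and the `problemtype` value from `command injection` to `n/a`, while `ASSIGNER` moves from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org`. The description still names GNOME Evince, so a consumer that matches on the structured `affects` block rather than the free text would no longer associate this record with the product. Unless the reset is deliberate, keep `"product_name": "GNOME Evince before 3.24.1"`, `"vendor_name": "GNOME"` and `"value": "command injection"` on the new side. All eight references are carried over and only reordered.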
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-18119",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-18119",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1246.json b/2017/1xxx/CVE-2017-1246.json
index d7bf75b50f9..2484eb5e81c 100644
--- a/2017/1xxx/CVE-2017-1246.json
+++ b/2017/1xxx/CVE-2017-1246.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1246",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1246",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1420.json b/2017/1xxx/CVE-2017-1420.json
index 77382258654..448ae62cf9c 100644
--- a/2017/1xxx/CVE-2017-1420.json
+++ b/2017/1xxx/CVE-2017-1420.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1420",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1420",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1675.json b/2017/1xxx/CVE-2017-1675.json
index 7714f606391..2ab086251f3 100644
--- a/2017/1xxx/CVE-2017-1675.json
+++ b/2017/1xxx/CVE-2017-1675.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1675",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1675",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4098.json b/2017/4xxx/CVE-2017-4098.json
index 9d24034c323..d800758cae6 100644
--- a/2017/4xxx/CVE-2017-4098.json
+++ b/2017/4xxx/CVE-2017-4098.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4098",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4098",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4479.json b/2017/4xxx/CVE-2017-4479.json
index 263bceaf758..e90b172dc97 100644
--- a/2017/4xxx/CVE-2017-4479.json
+++ b/2017/4xxx/CVE-2017-4479.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4479",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4479",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4600.json b/2017/4xxx/CVE-2017-4600.json
index 78511ea3445..65ea5bbf42f 100644
--- a/2017/4xxx/CVE-2017-4600.json
+++ b/2017/4xxx/CVE-2017-4600.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4600",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4600",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4640.json b/2017/4xxx/CVE-2017-4640.json
index a991eb2a028..0f61d660ec7 100644
--- a/2017/4xxx/CVE-2017-4640.json
+++ b/2017/4xxx/CVE-2017-4640.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4640",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4640",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5638.json b/2017/5xxx/CVE-2017-5638.json
index b8b91b88d20..e82d70b850b 100644
--- a/2017/5xxx/CVE-2017-5638.json
+++ b/2017/5xxx/CVE-2017-5638.json
@@ -1,210 +1,210 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-5638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Struts", - "version" : { - "version_data" : [ - { - "version_value" : "2.3.x before 2.3.32" - }, - { - "version_value" : "2.5.x before 2.5.10.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Struts", + "version": { + "version_data": [ + { + "version_value": "2.3.x before 2.3.32" + }, + { + "version_value": "2.5.x before 2.5.10.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41570", - "refsource" : "EXPLOIT-DB", - "url" : "https://exploit-db.com/exploits/41570" - }, - { - "name" : "41614", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41614/" - }, - { - "name" : "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html", - "refsource" : "MISC", - "url" : "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html" - }, - { - "name" : "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/", - "refsource" : "MISC", - "url" : "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/" - }, - { - "name" : "https://github.com/rapid7/metasploit-framework/issues/8064", - "refsource" : "MISC", - "url" : "https://github.com/rapid7/metasploit-framework/issues/8064" - }, - { - "name" : "https://isc.sans.edu/diary/22169", - "refsource" : "MISC", - "url" : "https://isc.sans.edu/diary/22169" - }, - { - "name" : "https://github.com/mazen160/struts-pwn", - "refsource" : "MISC", - "url" : "https://github.com/mazen160/struts-pwn" - }, - { - "name" : "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html", - "refsource" : "MISC", - "url" : "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html" - }, - { - "name" : 
"https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt" - }, - { - "name" : "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html", - "refsource" : "MISC", - "url" : "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html" - }, - { - "name" : "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/", - "refsource" : "MISC", - "url" : "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/" - }, - { - "name" : "https://twitter.com/theog150/status/841146956135124993", - "refsource" : "MISC", - "url" : "https://twitter.com/theog150/status/841146956135124993" - }, - { - "name" : "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/", - "refsource" : "MISC", - "url" : "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/" - }, - { - "name" : "https://cwiki.apache.org/confluence/display/WW/S2-045", - "refsource" : "CONFIRM", - "url" : "https://cwiki.apache.org/confluence/display/WW/S2-045" - }, - { - "name" : "https://cwiki.apache.org/confluence/display/WW/S2-046", - "refsource" : "CONFIRM", - "url" : "https://cwiki.apache.org/confluence/display/WW/S2-046" - }, - { - "name" : "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a", - "refsource" : "CONFIRM", - "url" : "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a" - }, - { - "name" : "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228", - "refsource" : "CONFIRM", - "url" : 
"https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228" - }, - { - "name" : "https://struts.apache.org/docs/s2-045.html", - "refsource" : "CONFIRM", - "url" : "https://struts.apache.org/docs/s2-045.html" - }, - { - "name" : "https://struts.apache.org/docs/s2-046.html", - "refsource" : "CONFIRM", - "url" : "https://struts.apache.org/docs/s2-046.html" - }, - { - "name" : "https://support.lenovo.com/us/en/product_security/len-14200", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/len-14200" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA145", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA145" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170310-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170310-0001/" - }, - { 
- "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt" - }, - { - "name" : "VU#834067", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/834067" - }, - { - "name" : "96729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96729" - }, - { - "name" : "1037973", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html", + "refsource": "MISC", + "url": "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html" + }, + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt" + }, + { + "name": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/", + "refsource": "MISC", + "url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/" + }, + { + "name": "41570", + "refsource": "EXPLOIT-DB", + "url": "https://exploit-db.com/exploits/41570" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170310-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170310-0001/" + }, + { + "name": "https://github.com/rapid7/metasploit-framework/issues/8064", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/issues/8064" + }, + { + "name": "https://struts.apache.org/docs/s2-046.html", + "refsource": "CONFIRM", + "url": "https://struts.apache.org/docs/s2-046.html" + }, + { + "name": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html", + "refsource": "MISC", + "url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html" + }, + { + "name": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/", + "refsource": "MISC", + "url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/" + }, + { + "name": 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us" + }, + { + "name": "VU#834067", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/834067" + }, + { + "name": "https://isc.sans.edu/diary/22169", + "refsource": "MISC", + "url": "https://isc.sans.edu/diary/22169" + }, + { + "name": "https://struts.apache.org/docs/s2-045.html", + "refsource": "CONFIRM", + "url": "https://struts.apache.org/docs/s2-045.html" + }, + { + "name": "1037973", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037973" + }, + { + "name": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html", + "refsource": "MISC", + "url": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html" + }, + { + "name": "96729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96729" + }, + { + "name": "https://twitter.com/theog150/status/841146956135124993", + "refsource": "MISC", + "url": "https://twitter.com/theog150/status/841146956135124993" + }, + { + "name": "https://github.com/mazen160/struts-pwn", + "refsource": "MISC", + "url": "https://github.com/mazen160/struts-pwn" + }, + { + "name": "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt" + }, + { + "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA145", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA145" + }, + { + "name": "https://support.lenovo.com/us/en/product_security/len-14200", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/len-14200" + }, + { + "name": 
"https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a", + "refsource": "CONFIRM", + "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us" + }, + { + "name": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228", + "refsource": "CONFIRM", + "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228" + }, + { + "name": "https://cwiki.apache.org/confluence/display/WW/S2-045", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/WW/S2-045" + }, + { + "name": "41614", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41614/" + }, + { + "name": "https://cwiki.apache.org/confluence/display/WW/S2-046", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/WW/S2-046" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us" + }, + { + "name": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/", + "refsource": "MISC", + "url": 
"http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5957.json b/2017/5xxx/CVE-2017-5957.json index 6999cb79eed..fbd01f537e3 100644 --- a/2017/5xxx/CVE-2017-5957.json +++ b/2017/5xxx/CVE-2017-5957.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the \"nr_cbufs\" argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170213 CVE-2017-5957 Virglrenderer: stack overflow in vrend_decode_set_framebuffer_state", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/13/3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1421126", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1421126" - }, - { - "name" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f" - }, 
- { - "name" : "GLSA-201707-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-06" - }, - { - "name" : "96215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the \"nr_cbufs\" argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201707-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-06" + }, + { + "name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f" + }, + { + "name": "96215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96215" + }, + { + "name": "[oss-security] 20170213 CVE-2017-5957 Virglrenderer: stack overflow in vrend_decode_set_framebuffer_state", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/13/3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1421126", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421126" + } + ] + } +} \ No newline at end of file