From e675b7d7b73d3a3d152e201092eb324d5278dc96 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:02:57 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0048.json | 130 ++++----- 2001/0xxx/CVE-2001-0828.json | 170 ++++++------ 2001/0xxx/CVE-2001-0854.json | 140 +++++----- 2001/1xxx/CVE-2001-1058.json | 140 +++++----- 2001/1xxx/CVE-2001-1087.json | 140 +++++----- 2001/1xxx/CVE-2001-1090.json | 140 +++++----- 2001/1xxx/CVE-2001-1420.json | 160 +++++------ 2006/2xxx/CVE-2006-2390.json | 160 +++++------ 2006/2xxx/CVE-2006-2624.json | 34 +-- 2006/2xxx/CVE-2006-2994.json | 170 ++++++------ 2008/5xxx/CVE-2008-5023.json | 410 ++++++++++++++--------------- 2008/5xxx/CVE-2008-5294.json | 160 +++++------ 2008/5xxx/CVE-2008-5523.json | 150 +++++------ 2008/5xxx/CVE-2008-5713.json | 230 ++++++++-------- 2011/2xxx/CVE-2011-2100.json | 180 ++++++------- 2011/2xxx/CVE-2011-2355.json | 34 +-- 2011/2xxx/CVE-2011-2361.json | 160 +++++------ 2011/2xxx/CVE-2011-2714.json | 34 +-- 2011/3xxx/CVE-2011-3580.json | 180 ++++++------- 2011/3xxx/CVE-2011-3688.json | 130 ++++----- 2013/0xxx/CVE-2013-0241.json | 200 +++++++------- 2013/0xxx/CVE-2013-0848.json | 140 +++++----- 2013/0xxx/CVE-2013-0906.json | 140 +++++----- 2013/1xxx/CVE-2013-1197.json | 120 ++++----- 2013/1xxx/CVE-2013-1199.json | 120 ++++----- 2013/1xxx/CVE-2013-1631.json | 34 +-- 2013/4xxx/CVE-2013-4216.json | 130 ++++----- 2013/4xxx/CVE-2013-4402.json | 210 +++++++-------- 2013/4xxx/CVE-2013-4798.json | 160 +++++------ 2013/4xxx/CVE-2013-4828.json | 130 ++++----- 2013/5xxx/CVE-2013-5807.json | 200 +++++++------- 2013/5xxx/CVE-2013-5917.json | 120 ++++----- 2013/5xxx/CVE-2013-5985.json | 34 +-- 2017/0xxx/CVE-2017-0610.json | 136 +++++----- 2017/1000xxx/CVE-2017-1000125.json | 124 ++++----- 2017/1000xxx/CVE-2017-1000474.json | 134 +++++----- 2017/12xxx/CVE-2017-12075.json | 156 +++++------ 2017/12xxx/CVE-2017-12093.json | 122 ++++----- 2017/12xxx/CVE-2017-12231.json | 140 +++++----- 2017/12xxx/CVE-2017-12336.json | 140 +++++----- 2017/12xxx/CVE-2017-12337.json | 210 +++++++-------- 2017/12xxx/CVE-2017-12827.json | 34 +-- 2017/13xxx/CVE-2017-13405.json | 34 +-- 2017/16xxx/CVE-2017-16127.json | 122 ++++----- 2017/16xxx/CVE-2017-16856.json | 132 +++++----- 2017/4xxx/CVE-2017-4292.json | 34 +-- 2017/4xxx/CVE-2017-4668.json | 34 +-- 2017/4xxx/CVE-2017-4674.json | 34 +-- 2018/18xxx/CVE-2018-18085.json | 34 +-- 2018/18xxx/CVE-2018-18151.json | 34 +-- 2018/5xxx/CVE-2018-5099.json | 286 ++++++++++---------- 2018/5xxx/CVE-2018-5481.json | 120 ++++----- 2018/5xxx/CVE-2018-5714.json | 120 ++++----- 2018/5xxx/CVE-2018-5853.json | 142 +++++----- 54 files changed, 3556 insertions(+), 3556 deletions(-) diff --git a/2001/0xxx/CVE-2001-0048.json b/2001/0xxx/CVE-2001-0048.json index 9487920ad4f..82ece9174fd 100644 --- a/2001/0xxx/CVE-2001-0048.json +++ b/2001/0xxx/CVE-2001-0048.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Configure Your Server\" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the \"Directory Service Restore Mode Password\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-099", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-099" - }, - { - "name" : "2133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Configure Your Server\" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the \"Directory Service Restore Mode Password\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2133" + }, + { + "name": "MS00-099", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-099" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0828.json b/2001/0xxx/CVE-2001-0828.json index 3b3b472507e..35d7820dbfd 100644 --- a/2001/0xxx/CVE-2001-0828.json +++ b/2001/0xxx/CVE-2001-0828.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html" - }, - { - "name" : "http://www.caucho.com/products/resin/changes.xtp", - "refsource" : "CONFIRM", - "url" : "http://www.caucho.com/products/resin/changes.xtp" - }, - { - "name" : "2981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2981" - }, - { - "name" : "java-servlet-crosssite-scripting(6793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6793" - }, - { - "name" : "VU#981651", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/981651" - }, - { - "name" : "1890", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "java-servlet-crosssite-scripting(6793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6793" + }, + { + "name": "20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html" + }, + { + "name": "VU#981651", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/981651" + }, + { + "name": "1890", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1890" + }, + { + "name": "2981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2981" + }, + { + "name": "http://www.caucho.com/products/resin/changes.xtp", + "refsource": "CONFIRM", + "url": "http://www.caucho.com/products/resin/changes.xtp" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0854.json b/2001/0xxx/CVE-2001-0854.json index 3dabaeb12cb..72e7105f923 100644 --- a/2001/0xxx/CVE-2001-0854.json +++ b/2001/0xxx/CVE-2001-0854.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011105 Copying and Deleting Files Using PHP-Nuke", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100525739116093&w=2" - }, - { - "name" : "3510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3510" - }, - { - "name" : "phpnuke-filemanager-gain-privileges(7478)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7478.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011105 Copying and Deleting Files Using PHP-Nuke", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100525739116093&w=2" + }, + { + "name": "3510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3510" + }, + { + "name": "phpnuke-filemanager-gain-privileges(7478)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7478.php" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1058.json b/2001/1xxx/CVE-2001-1058.json index 3320f336d62..02a6eecf30f 100644 --- a/2001/1xxx/CVE-2001-1058.json +++ b/2001/1xxx/CVE-2001-1058.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010730 a couple minor issues with mathematica license manager", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/200462" - }, - { - "name" : "3118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3118" - }, - { - "name" : "mathematica-license-retrieval(6927)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mathematica-license-retrieval(6927)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6927" + }, + { + "name": "20010730 a couple minor issues with mathematica license manager", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/200462" + }, + { + "name": "3118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3118" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1087.json b/2001/1xxx/CVE-2001-1087.json index 660c1321e52..159a545ade3 100644 --- a/2001/1xxx/CVE-2001-1087.json +++ b/2001/1xxx/CVE-2001-1087.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010705 RE: Tunnel ports allowed on NetApp NetCaches", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/195176" - }, - { - "name" : "netcache-tunnel-default-configuration(6807)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6807" - }, - { - "name" : "2990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netcache-tunnel-default-configuration(6807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6807" + }, + { + "name": "2990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2990" + }, + { + "name": "20010705 RE: Tunnel ports allowed on NetApp NetCaches", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/195176" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1090.json b/2001/1xxx/CVE-2001-1090.json index 15cb50726a7..591798029e0 100644 --- a/2001/1xxx/CVE-2001-1090.json +++ b/2001/1xxx/CVE-2001-1090.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010910 RUS-CERT Advisory 2001-09:01", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/213331" - }, - { - "name" : "3315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3315" - }, - { - "name" : "postgresql-nss-authentication-modules(7111)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3315" + }, + { + "name": "20010910 RUS-CERT Advisory 2001-09:01", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/213331" + }, + { + "name": "postgresql-nss-authentication-modules(7111)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7111" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1420.json b/2001/1xxx/CVE-2001-1420.json index b0395c3a9b2..c7b1bea6726 100644 --- a/2001/1xxx/CVE-2001-1420.json +++ b/2001/1xxx/CVE-2001-1420.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011006 AIM Exploits", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/218920" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/JARL-569MEK", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/JARL-569MEK" - }, - { - "name" : "VU#972499", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/972499" - }, - { - "name" : "3407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3407" - }, - { - "name" : "aim-long-filename-dos(7254)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3407" + }, + { + "name": "VU#972499", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/972499" + }, + { + "name": "http://www.kb.cert.org/vuls/id/JARL-569MEK", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/JARL-569MEK" + }, + { + "name": "20011006 AIM Exploits", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/218920" + }, + { + "name": "aim-long-filename-dos(7254)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7254" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2390.json b/2006/2xxx/CVE-2006-2390.json index 45b8759d8b9..aa577979cdf 100644 --- a/2006/2xxx/CVE-2006-2390.json +++ b/2006/2xxx/CVE-2006-2390.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kiki91.altervista.org/exploit/ozjournals.txt", - "refsource" : "MISC", - "url" : "http://kiki91.altervista.org/exploit/ozjournals.txt" - }, - { - "name" : "17954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17954" - }, - { - "name" : "ADV-2006-1781", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1781" - }, - { - "name" : "20091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20091" - }, - { - "name" : "ozjournals-vname-xss(26403)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kiki91.altervista.org/exploit/ozjournals.txt", + "refsource": "MISC", + "url": "http://kiki91.altervista.org/exploit/ozjournals.txt" + }, + { + "name": "ADV-2006-1781", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1781" + }, + { + "name": "17954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17954" + }, + { + "name": "20091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20091" + }, + { + "name": "ozjournals-vname-xss(26403)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26403" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2624.json b/2006/2xxx/CVE-2006-2624.json index 0783c0f224e..8b9d731d9b5 100644 --- a/2006/2xxx/CVE-2006-2624.json +++ b/2006/2xxx/CVE-2006-2624.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2624", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2624", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2994.json b/2006/2xxx/CVE-2006-2994.json index 37cb96dd049..286435d486c 100644 --- a/2006/2xxx/CVE-2006-2994.json +++ b/2006/2xxx/CVE-2006-2994.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in phazizGuestbook 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) url fields, and (4) text field (content parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060608 phazizGuestbook v2.0 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436602/100/0/threaded" - }, - { - "name" : "18495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18495" - }, - { - "name" : "ADV-2006-2421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2421" - }, - { - "name" : "20615", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20615" - }, - { - "name" : "1081", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1081" - }, - { - "name" : "phazizguestbook-multiple-xss(27065)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in phazizGuestbook 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) url fields, and (4) text field (content parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phazizguestbook-multiple-xss(27065)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27065" + }, + { + "name": "1081", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1081" + }, + { + "name": "20615", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20615" + }, + { + "name": "18495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18495" + }, + { + "name": "ADV-2006-2421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2421" + }, + { + "name": "20060608 phazizGuestbook v2.0 - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436602/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5023.json b/2008/5xxx/CVE-2008-5023.json index f7b5742f53e..242f632cded 100644 --- a/2008/5xxx/CVE-2008-5023.json +++ b/2008/5xxx/CVE-2008-5023.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=424733", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=424733" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-57.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-57.html" - }, - { - "name" : "DSA-1669", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1669" - }, - { - "name" : "DSA-1671", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1671" - }, - { - "name" : "FEDORA-2008-9669", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html" - }, - { - "name" : "FEDORA-2008-9667", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html" - }, - { - "name" : "MDVSA-2008:228", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228" - }, - { - "name" : "MDVSA-2008:230", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:230" - }, - { - "name" : "RHSA-2008:0977", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0977.html" - }, - { - "name" : "RHSA-2008:0978", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0978.html" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "SUSE-SA:2008:055", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html" - }, - { - "name" : "USN-667-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-667-1" - }, - { - "name" : "TA08-319A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-319A.html" - }, - { - "name" : "32281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32281" - }, - { - "name" : "oval:org.mitre.oval:def:9908", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908" - }, - { - "name" : "1021189", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021189" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "32684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32684" - }, - { - "name" : "32713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32713" - }, - { - "name" : "32778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32778" - }, - { - "name" : "32853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32853" - }, - { - "name" : "ADV-2008-3146", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3146" - }, - { - "name" : "32721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32721" - }, - { - "name" : "32845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32845" - }, - { - "name" : "32693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32693" - }, - { - "name" : "32694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32694" - }, - { - "name" : "32695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32695" - }, - { - "name" : "32714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32714" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3146", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3146" + }, + { + "name": "DSA-1671", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1671" + }, + { + "name": "32281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32281" + }, + { + "name": "FEDORA-2008-9667", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html" + }, + { + "name": "32713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32713" + }, + { + "name": "RHSA-2008:0977", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0977.html" + }, + { + "name": "MDVSA-2008:230", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:230" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "32695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32695" + }, + { + "name": "RHSA-2008:0978", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0978.html" + }, + { + "name": "DSA-1669", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1669" + }, + { + "name": "32778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32778" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-57.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-57.html" + }, + { + "name": "FEDORA-2008-9669", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html" + }, + { + "name": "1021189", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021189" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "SUSE-SA:2008:055", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html" + }, + { + "name": "32694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32694" + }, + { + "name": "32721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32721" + }, + { + "name": "TA08-319A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-319A.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=424733", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=424733" + }, + { + "name": "32853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32853" + }, + { + "name": "32693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32693" + }, + { + "name": "MDVSA-2008:228", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:228" + }, + { + "name": "32845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32845" + }, + { + "name": "32684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32684" + }, + { + "name": "USN-667-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-667-1" + }, + { + "name": "32714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32714" + }, + { + "name": "oval:org.mitre.oval:def:9908", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5294.json b/2008/5xxx/CVE-2008-5294.json index cf5f0c8121c..f8b48b466eb 100644 --- a/2008/5xxx/CVE-2008-5294.json +++ b/2008/5xxx/CVE-2008-5294.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7223", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7223" - }, - { - "name" : "50200", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50200" - }, - { - "name" : "32873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32873" - }, - { - "name" : "4670", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4670" - }, - { - "name" : "ecatalogue-index-sql-injection(46832)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ecatalogue-index-sql-injection(46832)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46832" + }, + { + "name": "50200", + "refsource": "OSVDB", + "url": "http://osvdb.org/50200" + }, + { + "name": "4670", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4670" + }, + { + "name": "32873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32873" + }, + { + "name": "7223", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7223" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5523.json b/2008/5xxx/CVE-2008-5523.json index 3b21204a825..d51829d5498 100644 --- a/2008/5xxx/CVE-2008-5523.json +++ b/2008/5xxx/CVE-2008-5523.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded" - }, - { - "name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded" - }, - { - "name" : "4723", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4723" - }, - { - "name" : "multiple-antivirus-mzheader-code-execution(47435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "multiple-antivirus-mzheader-code-execution(47435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" + }, + { + "name": "4723", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4723" + }, + { + "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded" + }, + { + "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5713.json b/2008/5xxx/CVE-2008-5713.json index 4c7c5532685..326a7277ed1 100644 --- a/2008/5xxx/CVE-2008-5713.json +++ b/2008/5xxx/CVE-2008-5713.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous invocations of the Netperf benchmark application in UDP_STREAM mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081223 CVE request: kernel: soft lockup occurs when network load is very high", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2008/12/23/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=477744", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=477744" - }, - { - "name" : "DSA-1794", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1794" - }, - { - "name" : "RHSA-2009:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0264.html" - }, - { - "name" : "USN-714-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/714-1/" - }, - { - "name" : "32985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32985" - }, - { - "name" : "oval:org.mitre.oval:def:9385", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9385" - }, - { - "name" : "33706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33706" - }, - { - "name" : "33858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33858" - }, - { - "name" : "35011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous invocations of the Netperf benchmark application in UDP_STREAM mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33706" + }, + { + "name": "[oss-security] 20081223 CVE request: kernel: soft lockup occurs when network load is very high", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2008/12/23/1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0" + }, + { + "name": "DSA-1794", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1794" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=477744", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477744" + }, + { + "name": "35011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35011" + }, + { + "name": "oval:org.mitre.oval:def:9385", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9385" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25" + }, + { + "name": "RHSA-2009:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0264.html" + }, + { + "name": "33858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33858" + }, + { + "name": "32985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32985" + }, + { + "name": "USN-714-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/714-1/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2100.json b/2011/2xxx/CVE-2011-2100.json index 14b36f1b24d..c2f2d087bc9 100644 --- a/2011/2xxx/CVE-2011-2100.json +++ b/2011/2xxx/CVE-2011-2100.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-16.html" - }, - { - "name" : "TA11-166A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" - }, - { - "name" : "48252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48252" - }, - { - "name" : "73062", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73062" - }, - { - "name" : "oval:org.mitre.oval:def:14057", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14057" - }, - { - "name" : "1025658", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025658" - }, - { - "name" : "adobe-reader-dll-ce(68014)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14057", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14057" + }, + { + "name": "adobe-reader-dll-ce(68014)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68014" + }, + { + "name": "48252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48252" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-16.html" + }, + { + "name": "TA11-166A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" + }, + { + "name": "1025658", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025658" + }, + { + "name": "73062", + "refsource": "OSVDB", + "url": "http://osvdb.org/73062" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2355.json b/2011/2xxx/CVE-2011-2355.json index 93640b94c25..8ee57731727 100644 --- a/2011/2xxx/CVE-2011-2355.json +++ b/2011/2xxx/CVE-2011-2355.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2355", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2355", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2361.json b/2011/2xxx/CVE-2011-2361.json index 00757bc4bf8..7e42ea30ef9 100644 --- a/2011/2xxx/CVE-2011-2361.json +++ b/2011/2xxx/CVE-2011-2361.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=79426", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=79426" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" - }, - { - "name" : "74231", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74231" - }, - { - "name" : "oval:org.mitre.oval:def:14595", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14595" - }, - { - "name" : "chrome-auth-dialog-weak-security(68943)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:14595", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14595" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=79426", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=79426" + }, + { + "name": "chrome-auth-dialog-weak-security(68943)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68943" + }, + { + "name": "74231", + "refsource": "OSVDB", + "url": "http://osvdb.org/74231" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2714.json b/2011/2xxx/CVE-2011-2714.json index 7e2cddf88ba..9bfd0ae8c68 100644 --- a/2011/2xxx/CVE-2011-2714.json +++ b/2011/2xxx/CVE-2011-2714.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2714", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2714", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3580.json b/2011/3xxx/CVE-2011-3580.json index e86280ccab9..43224258dfa 100644 --- a/2011/3xxx/CVE-2011-3580.json +++ b/2011/3xxx/CVE-2011-3580.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110923 TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html" - }, - { - "name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt" - }, - { - "name" : "49753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49753" - }, - { - "name" : "75722", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/75722" - }, - { - "name" : "1026093", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026093" - }, - { - "name" : "8404", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8404" - }, - { - "name" : "icewarpwebmail-phpinfo-info-disc(70026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110923 TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html" + }, + { + "name": "49753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49753" + }, + { + "name": "75722", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/75722" + }, + { + "name": "icewarpwebmail-phpinfo-info-disc(70026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70026" + }, + { + "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt", + "refsource": "MISC", + "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt" + }, + { + "name": "8404", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8404" + }, + { + "name": "1026093", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026093" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3688.json b/2011/3xxx/CVE-2011-3688.json index 484a3a7926b..fd44d97b275 100644 --- a/2011/3xxx/CVE-2011-3688.json +++ b/2011/3xxx/CVE-2011-3688.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.html" - }, - { - "name" : "8401", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8401", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8401" + }, + { + "name": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.html", + "refsource": "MISC", + "url": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0241.json b/2013/0xxx/CVE-2013-0241.json index b3f8ee773bc..555e631bceb 100644 --- a/2013/0xxx/CVE-2013-0241.json +++ b/2013/0xxx/CVE-2013-0241.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130130 CVE request -- qxl: synchronous io guest DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/01/30/3" - }, - { - "name" : "[oss-security] 20130130 Re: CVE request -- qxl: synchronous io guest DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/01/30/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=906032", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=906032" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0036", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0036" - }, - { - "name" : "MDVSA-2013:138", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:138" - }, - { - "name" : "RHSA-2013:0218", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0218.html" - }, - { - "name" : "USN-1714-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1714-1" - }, - { - "name" : "52021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52021" - }, - { - "name" : "qxl-virtual-spice-dos(81704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=906032", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906032" + }, + { + "name": "MDVSA-2013:138", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:138" + }, + { + "name": "[oss-security] 20130130 CVE request -- qxl: synchronous io guest DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/01/30/3" + }, + { + "name": "qxl-virtual-spice-dos(81704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81704" + }, + { + "name": "52021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52021" + }, + { + "name": "[oss-security] 20130130 Re: CVE request -- qxl: synchronous io guest DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/01/30/4" + }, + { + "name": "USN-1714-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1714-1" + }, + { + "name": "RHSA-2013:0218", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0218.html" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0036", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0036" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0848.json b/2013/0xxx/CVE-2013-0848.json index 509c438750b..3dfbdeb6099 100644 --- a/2013/0xxx/CVE-2013-0848.json +++ b/2013/0xxx/CVE-2013-0848.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - }, - { - "name" : "MDVSA-2014:227", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2014:227", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba" + }, + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0906.json b/2013/0xxx/CVE-2013-0906.json index dea57746dad..2b862add078 100644 --- a/2013/0xxx/CVE-2013-0906.json +++ b/2013/0xxx/CVE-2013-0906.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=174895", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=174895" - }, - { - "name" : "oval:org.mitre.oval:def:16653", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=174895", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=174895" + }, + { + "name": "oval:org.mitre.oval:def:16653", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16653" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1197.json b/2013/1xxx/CVE-2013-1197.json index f13b546808f..cd5fc3847de 100644 --- a/2013/1xxx/CVE-2013-1197.json +++ b/2013/1xxx/CVE-2013-1197.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130415 Cisco Unified Presence XMPP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130415 Cisco Unified Presence XMPP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1197" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1199.json b/2013/1xxx/CVE-2013-1199.json index b660ea84c7a..1bb22aeab64 100644 --- a/2013/1xxx/CVE-2013-1199.json +++ b/2013/1xxx/CVE-2013-1199.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130417 Cisco ASA Clientless SSL VPN CIFS Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130417 Cisco ASA Clientless SSL VPN CIFS Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1199" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1631.json b/2013/1xxx/CVE-2013-1631.json index 1d562cee480..147a6d15f15 100644 --- a/2013/1xxx/CVE-2013-1631.json +++ b/2013/1xxx/CVE-2013-1631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4216.json b/2013/4xxx/CVE-2013-4216.json index 99aef8b6efe..9b1680e404f 100644 --- a/2013/4xxx/CVE-2013-4216.json +++ b/2013/4xxx/CVE-2013-4216.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permissions for wimaxd.log, which allows local users to cause a denial of service (data corruption) by modifying this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130808 Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/08/08/17" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=911122", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=911122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permissions for wimaxd.log, which allows local users to cause a denial of service (data corruption) by modifying this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130808 Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/08/08/17" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=911122", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911122" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4402.json b/2013/4xxx/CVE-2013-4402.json index 12437f81a76..e217ed28e4b 100644 --- a/2013/4xxx/CVE-2013-4402.json +++ b/2013/4xxx/CVE-2013-4402.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 1.4.15 released", - "refsource" : "MLIST", - "url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html" - }, - { - "name" : "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 2.0.22 released", - "refsource" : "MLIST", - "url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1015685", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1015685" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433" - }, - { - "name" : "DSA-2773", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2773" - }, - { - "name" : "DSA-2774", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2774" - }, - { - "name" : "RHSA-2013:1459", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1459.html" - }, - { - "name" : "openSUSE-SU-2013:1546", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html" - }, - { - "name" : "openSUSE-SU-2013:1552", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html" - }, - { - "name" : "USN-1987-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1987-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015685" + }, + { + "name": "openSUSE-SU-2013:1546", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00020.html" + }, + { + "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 1.4.15 released", + "refsource": "MLIST", + "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html" + }, + { + "name": "USN-1987-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1987-1" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725433" + }, + { + "name": "[Gnupg-announce] 20131005 [Announce] [security fix] GnuPG 2.0.22 released", + "refsource": "MLIST", + "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html" + }, + { + "name": "DSA-2773", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2773" + }, + { + "name": "openSUSE-SU-2013:1552", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00025.html" + }, + { + "name": "RHSA-2013:1459", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html" + }, + { + "name": "DSA-2774", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2774" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4798.json b/2013/4xxx/CVE-2013-4798.json index dd8ea1fa582..94fc7b264c6 100644 --- a/2013/4xxx/CVE-2013-4798.json +++ b/2013/4xxx/CVE-2013-4798.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02905", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772" - }, - { - "name" : "SSRT101074", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772" - }, - { - "name" : "61443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61443" - }, - { - "name" : "95642", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95642" - }, - { - "name" : "hp-loadrunner-cve20134798-code-exec(85958)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101074", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772" + }, + { + "name": "hp-loadrunner-cve20134798-code-exec(85958)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85958" + }, + { + "name": "HPSBGN02905", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772" + }, + { + "name": "95642", + "refsource": "OSVDB", + "url": "http://osvdb.org/95642" + }, + { + "name": "61443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61443" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4828.json b/2013/4xxx/CVE-2013-4828.json index ffff7893c9d..63f2b40f643 100644 --- a/2013/4xxx/CVE-2013-4828.json +++ b/2013/4xxx/CVE-2013-4828.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not properly encrypt PDF documents, which allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI02892", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03888014" - }, - { - "name" : "SSRT101249", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03888014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not properly encrypt PDF documents, which allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBPI02892", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03888014" + }, + { + "name": "SSRT101249", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03888014" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5807.json b/2013/5xxx/CVE-2013-5807.json index 7d8b7e4b846..787a9947347 100644 --- a/2013/5xxx/CVE-2013-5807.json +++ b/2013/5xxx/CVE-2013-5807.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "DSA-2818", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2818" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "RHSA-2014:0173", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0173.html" - }, - { - "name" : "RHSA-2014:0186", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0186.html" - }, - { - "name" : "RHSA-2014:0189", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0189.html" - }, - { - "name" : "USN-2006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2006-1" - }, - { - "name" : "63105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63105" - }, - { - "name" : "1029184", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2818", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2818" + }, + { + "name": "RHSA-2014:0186", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0186.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "63105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63105" + }, + { + "name": "USN-2006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2006-1" + }, + { + "name": "RHSA-2014:0173", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0173.html" + }, + { + "name": "RHSA-2014:0189", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0189.html" + }, + { + "name": "1029184", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029184" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5917.json b/2013/5xxx/CVE-2013-5917.json index 22d5a41587c..c15b4bcef8b 100644 --- a/2013/5xxx/CVE-2013-5917.json +++ b/2013/5xxx/CVE-2013-5917.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130920 [iBliss Security Advisory] Blind SQL injection vulnerability in NOSpamPTI wordpress plugin", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0102.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130920 [iBliss Security Advisory] Blind SQL injection vulnerability in NOSpamPTI wordpress plugin", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0102.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5985.json b/2013/5xxx/CVE-2013-5985.json index 799bd9dc500..6d5b5a3169a 100644 --- a/2013/5xxx/CVE-2013-5985.json +++ b/2013/5xxx/CVE-2013-5985.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5985", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5985", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0610.json b/2017/0xxx/CVE-2017-0610.json index bece28a6c06..ac280d5db23 100644 --- a/2017/0xxx/CVE-2017-0610.json +++ b/2017/0xxx/CVE-2017-0610.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98255" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000125.json b/2017/1000xxx/CVE-2017-1000125.json index e3f23ce2e0c..60247d632d7 100644 --- a/2017/1000xxx/CVE-2017-1000125.json +++ b/2017/1000xxx/CVE-2017-1000125.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.338943", - "ID" : "CVE-2017-1000125", - "REQUESTER" : "wangyihanger@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Codiad (https://github.com/Codiad/Codiad)", - "version" : { - "version_data" : [ - { - "version_value" : "All curent versions" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Permissions" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.338943", + "ID": "CVE-2017-1000125", + "REQUESTER": "wangyihanger@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.jianshu.com/p/b09d20af2374", - "refsource" : "MISC", - "url" : "http://www.jianshu.com/p/b09d20af2374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.jianshu.com/p/b09d20af2374", + "refsource": "MISC", + "url": "http://www.jianshu.com/p/b09d20af2374" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000474.json b/2017/1000xxx/CVE-2017-1000474.json index b95af59bc90..4438507129c 100644 --- a/2017/1000xxx/CVE-2017-1000474.json +++ b/2017/1000xxx/CVE-2017-1000474.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000474", - "REQUESTER" : "drumsmith101@hotmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Vehicle Sales Management System", - "version" : { - "version_data" : [ - { - "version_value" : "2017-07-30" - } - ] - } - } - ] - }, - "vendor_name" : "Soyket Chowdhury" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000474", + "REQUESTER": "drumsmith101@hotmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44318", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44318/" - }, - { - "name" : "http://singsip.wixsite.com/singsip/vuln", - "refsource" : "MISC", - "url" : "http://singsip.wixsite.com/singsip/vuln" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44318", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44318/" + }, + { + "name": "http://singsip.wixsite.com/singsip/vuln", + "refsource": "MISC", + "url": "http://singsip.wixsite.com/singsip/vuln" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12075.json b/2017/12xxx/CVE-2017-12075.json index 66ce1369967..e17453d3059 100644 --- a/2017/12xxx/CVE-2017-12075.json +++ b/2017/12xxx/CVE-2017-12075.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2018-06-08T00:00:00", - "ID" : "CVE-2017-12075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DiskStation Manager (DSM)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "6.2-23739" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.2, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Special Elements used in a Command (CWE-77)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2018-06-08T00:00:00", + "ID": "CVE-2017-12075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DiskStation Manager (DSM)", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "6.2-23739" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_18_24", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_18_24" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Special Elements used in a Command (CWE-77)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_18_24", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_18_24" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12093.json b/2017/12xxx/CVE-2017-12093.json index 35bfd7994af..0f9b36070df 100644 --- a/2017/12xxx/CVE-2017-12093.json +++ b/2017/12xxx/CVE-2017-12093.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-03-28T00:00:00", - "ID" : "CVE-2017-12093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Allen Bradley", - "version" : { - "version_data" : [ - { - "version_value" : "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-03-28T00:00:00", + "ID": "CVE-2017-12093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Allen Bradley", + "version": { + "version_data": [ + { + "version_value": "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12231.json b/2017/12xxx/CVE-2017-12231.json index 9558eaa091f..c7f6414a6a0 100644 --- a/2017/12xxx/CVE-2017-12231.json +++ b/2017/12xxx/CVE-2017-12231.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat" - }, - { - "name" : "101039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101039" - }, - { - "name" : "1039449", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039449", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039449" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat" + }, + { + "name": "101039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101039" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12336.json b/2017/12xxx/CVE-2017-12336.json index ee10b01ffb9..11702085be0 100644 --- a/2017/12xxx/CVE-2017-12336.json +++ b/2017/12xxx/CVE-2017-12336.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco NX-OS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco NX-OS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco NX-OS", + "version": { + "version_data": [ + { + "version_value": "Cisco NX-OS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5" - }, - { - "name" : "102168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102168" - }, - { - "name" : "1039936", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102168" + }, + { + "name": "1039936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039936" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12337.json b/2017/12xxx/CVE-2017-12337.json index 181f3a8a03e..7ee36a5b58b 100644 --- a/2017/12xxx/CVE-2017-12337.json +++ b/2017/12xxx/CVE-2017-12337.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Voice Operating System", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Voice Operating System" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Voice Operating System", + "version": { + "version_data": [ + { + "version_value": "Cisco Voice Operating System" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos" - }, - { - "name" : "101865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101865" - }, - { - "name" : "1039813", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039813" - }, - { - "name" : "1039814", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039814" - }, - { - "name" : "1039815", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039815" - }, - { - "name" : "1039816", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039816" - }, - { - "name" : "1039817", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039817" - }, - { - "name" : "1039818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039818" - }, - { - "name" : "1039819", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039819" - }, - { - "name" : "1039820", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101865" + }, + { + "name": "1039815", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039815" + }, + { + "name": "1039817", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039817" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos" + }, + { + "name": "1039814", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039814" + }, + { + "name": "1039818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039818" + }, + { + "name": "1039819", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039819" + }, + { + "name": "1039820", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039820" + }, + { + "name": "1039813", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039813" + }, + { + "name": "1039816", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039816" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12827.json b/2017/12xxx/CVE-2017-12827.json index 8d339638942..6a9b7d67731 100644 --- a/2017/12xxx/CVE-2017-12827.json +++ b/2017/12xxx/CVE-2017-12827.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12827", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-12827", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13405.json b/2017/13xxx/CVE-2017-13405.json index 8279cdd8c81..425be407613 100644 --- a/2017/13xxx/CVE-2017-13405.json +++ b/2017/13xxx/CVE-2017-13405.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13405", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13405", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16127.json b/2017/16xxx/CVE-2017-16127.json index c43ed42c8fa..6bd35f54c3b 100644 --- a/2017/16xxx/CVE-2017-16127.json +++ b/2017/16xxx/CVE-2017-16127.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pandora-doomsday node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The module pandora-doomsday infects other modules. It's since been unpublished from the registry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Replicating Malicious Code (Virus or Worm) (CWE-509)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pandora-doomsday node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/482", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The module pandora-doomsday infects other modules. It's since been unpublished from the registry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Replicating Malicious Code (Virus or Worm) (CWE-509)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/482", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/482" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16856.json b/2017/16xxx/CVE-2017-16856.json index 3071b42f432..23ba3498030 100644 --- a/2017/16xxx/CVE-2017-16856.json +++ b/2017/16xxx/CVE-2017-16856.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2017-12-05T00:00:00", - "ID" : "CVE-2017-16856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Confluence", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 6.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2017-12-05T00:00:00", + "ID": "CVE-2017-16856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Confluence", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 6.5.2" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CONFSERVER-54395", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CONFSERVER-54395" - }, - { - "name" : "102094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/CONFSERVER-54395", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CONFSERVER-54395" + }, + { + "name": "102094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102094" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4292.json b/2017/4xxx/CVE-2017-4292.json index e1930d4d6fe..15fd615c42e 100644 --- a/2017/4xxx/CVE-2017-4292.json +++ b/2017/4xxx/CVE-2017-4292.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4292", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4292", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4668.json b/2017/4xxx/CVE-2017-4668.json index 61d50d01c96..ffbc2bb9440 100644 --- a/2017/4xxx/CVE-2017-4668.json +++ b/2017/4xxx/CVE-2017-4668.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4668", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4668", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4674.json b/2017/4xxx/CVE-2017-4674.json index a6611d4108e..e9f4d904f70 100644 --- a/2017/4xxx/CVE-2017-4674.json +++ b/2017/4xxx/CVE-2017-4674.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4674", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4674", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18085.json b/2018/18xxx/CVE-2018-18085.json index 2e244e75d78..0bb6d064f41 100644 --- a/2018/18xxx/CVE-2018-18085.json +++ b/2018/18xxx/CVE-2018-18085.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18085", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18085", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18151.json b/2018/18xxx/CVE-2018-18151.json index a2eac92072f..96c6f4985f3 100644 --- a/2018/18xxx/CVE-2018-18151.json +++ b/2018/18xxx/CVE-2018-18151.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18151", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18151", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5099.json b/2018/5xxx/CVE-2018-5099.json index d4e77a186d1..dfd332ff7cf 100644 --- a/2018/5xxx/CVE-2018-5099.json +++ b/2018/5xxx/CVE-2018-5099.json @@ -1,145 +1,145 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.6" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.6" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "58" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free with widget listener" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.6" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.6" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "58" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html" - }, - { - "name" : "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1416878", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1416878" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-03/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-03/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-04/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-04/" - }, - { - "name" : "DSA-4096", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4096" - }, - { - "name" : "DSA-4102", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4102" - }, - { - "name" : "RHSA-2018:0122", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0122" - }, - { - "name" : "RHSA-2018:0262", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0262" - }, - { - "name" : "USN-3544-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3544-1/" - }, - { - "name" : "102783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102783" - }, - { - "name" : "1040270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free with widget listener" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-03/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/" + }, + { + "name": "1040270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040270" + }, + { + "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html" + }, + { + "name": "102783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102783" + }, + { + "name": "DSA-4096", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4096" + }, + { + "name": "RHSA-2018:0262", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0262" + }, + { + "name": "USN-3544-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3544-1/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-04/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-04/" + }, + { + "name": "RHSA-2018:0122", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0122" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" + }, + { + "name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1416878", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1416878" + }, + { + "name": "DSA-4102", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4102" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5481.json b/2018/5xxx/CVE-2018-5481.json index 78f7556ee26..b8c427e8af7 100644 --- a/2018/5xxx/CVE-2018-5481.json +++ b/2018/5xxx/CVE-2018-5481.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@netapp.com", - "ID" : "CVE-2018-5481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OnCommand Unified Manager for 7-Mode (core package)", - "version" : { - "version_data" : [ - { - "version_value" : "Versions prior to 5.2.4" - } - ] - } - } - ] - }, - "vendor_name" : "NetApp" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Man-in-the-middle (MITM)" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@netapp.com", + "ID": "CVE-2018-5481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OnCommand Unified Manager for 7-Mode (core package)", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 5.2.4" + } + ] + } + } + ] + }, + "vendor_name": "NetApp" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.netapp.com/advisory/ntap-20190104-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190104-0001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Man-in-the-middle (MITM)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20190104-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190104-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5714.json b/2018/5xxx/CVE-2018-5714.json index 4bdb850627d..b5bd9210ea3 100644 --- a/2018/5xxx/CVE-2018-5714.json +++ b/2018/5xxx/CVE-2018-5714.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/whiteHat001/DRIVER_POC/tree/master/malwarefox/0x80002054", - "refsource" : "MISC", - "url" : "https://github.com/whiteHat001/DRIVER_POC/tree/master/malwarefox/0x80002054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/whiteHat001/DRIVER_POC/tree/master/malwarefox/0x80002054", + "refsource": "MISC", + "url": "https://github.com/whiteHat001/DRIVER_POC/tree/master/malwarefox/0x80002054" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5853.json b/2018/5xxx/CVE-2018-5853.json index ba0f7f75fa0..9d3b1c5788a 100644 --- a/2018/5xxx/CVE-2018-5853.json +++ b/2018/5xxx/CVE-2018-5853.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-07-02T00:00:00", - "ID" : "CVE-2018-5853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-07-02T00:00:00", + "ID": "CVE-2018-5853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-05-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f64e9815f0488a7b37e4e1395a1457d1dfefda66", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f64e9815f0488a7b37e4e1395a1457d1dfefda66" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-05-01" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f64e9815f0488a7b37e4e1395a1457d1dfefda66", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f64e9815f0488a7b37e4e1395a1457d1dfefda66" + } + ] + } +} \ No newline at end of file