From f018d46c1f5df72d4ff57cb66151b2f814945d97 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 01:42:07 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2001/0xxx/CVE-2001-0167.json | 140 ++++++------
2001/0xxx/CVE-2001-0650.json | 170 +++++++--------
2001/0xxx/CVE-2001-0764.json | 170 +++++++--------
2001/0xxx/CVE-2001-0827.json | 130 ++++++------
2001/0xxx/CVE-2001-0883.json | 34 +--
2001/1xxx/CVE-2001-1216.json | 160 +++++++-------
2006/2xxx/CVE-2006-2158.json | 170 +++++++--------
2006/2xxx/CVE-2006-2466.json | 160 +++++++-------
2006/2xxx/CVE-2006-2486.json | 150 ++++++-------
2006/2xxx/CVE-2006-2527.json | 170 +++++++--------
2006/2xxx/CVE-2006-2595.json | 34 +--
2006/2xxx/CVE-2006-2883.json | 180 ++++++++--------
2006/2xxx/CVE-2006-2906.json | 330 ++++++++++++++---------------
2006/6xxx/CVE-2006-6173.json | 230 ++++++++++----------
2006/6xxx/CVE-2006-6943.json | 140 ++++++------
2011/2xxx/CVE-2011-2086.json | 34 +--
2011/2xxx/CVE-2011-2239.json | 130 ++++++------
2011/2xxx/CVE-2011-2322.json | 120 +++++------
2011/2xxx/CVE-2011-2368.json | 150 ++++++-------
2011/2xxx/CVE-2011-2707.json | 150 ++++++-------
2011/3xxx/CVE-2011-3007.json | 150 ++++++-------
2011/3xxx/CVE-2011-3305.json | 170 +++++++--------
2011/3xxx/CVE-2011-3383.json | 130 ++++++------
2011/3xxx/CVE-2011-3525.json | 150 ++++++-------
2011/3xxx/CVE-2011-3916.json | 140 ++++++------
2011/4xxx/CVE-2011-4262.json | 120 +++++------
2011/4xxx/CVE-2011-4302.json | 140 ++++++------
2011/4xxx/CVE-2011-4572.json | 160 +++++++-------
2011/4xxx/CVE-2011-4866.json | 120 +++++------
2011/4xxx/CVE-2011-4992.json | 34 +--
2013/0xxx/CVE-2013-0214.json | 240 ++++++++++-----------
2013/0xxx/CVE-2013-0827.json | 34 +--
2013/0xxx/CVE-2013-0840.json | 140 ++++++------
2013/1xxx/CVE-2013-1122.json | 120 +++++------
2013/1xxx/CVE-2013-1754.json | 34 +--
2013/1xxx/CVE-2013-1950.json | 140 ++++++------
2013/5xxx/CVE-2013-5061.json | 34 +--
2013/5xxx/CVE-2013-5068.json | 34 +--
2013/5xxx/CVE-2013-5110.json | 34 +--
2013/5xxx/CVE-2013-5353.json | 160 +++++++-------
2014/2xxx/CVE-2014-2032.json | 170 +++++++--------
2014/2xxx/CVE-2014-2221.json | 34 +--
2014/2xxx/CVE-2014-2853.json | 200 ++++++++---------
2017/0xxx/CVE-2017-0462.json | 130 ++++++------
2017/0xxx/CVE-2017-0860.json | 158 +++++++-------
2017/0xxx/CVE-2017-0896.json | 140 ++++++------
2017/0xxx/CVE-2017-0904.json | 162 +++++++-------
2017/1000xxx/CVE-2017-1000200.json | 134 ++++++------
2017/1000xxx/CVE-2017-1000399.json | 124 +++++------
2017/12xxx/CVE-2017-12097.json | 132 ++++++------
2017/12xxx/CVE-2017-12126.json | 122 +++++------
2017/16xxx/CVE-2017-16177.json | 132 ++++++------
2017/16xxx/CVE-2017-16188.json | 132 ++++++------
2017/16xxx/CVE-2017-16298.json | 34 +--
2017/4xxx/CVE-2017-4093.json | 34 +--
2017/4xxx/CVE-2017-4488.json | 34 +--
2017/4xxx/CVE-2017-4496.json | 34 +--
2017/4xxx/CVE-2017-4941.json | 188 ++++++++--------
2017/4xxx/CVE-2017-4974.json | 130 ++++++------
2018/5xxx/CVE-2018-5306.json | 140 ++++++------
2018/5xxx/CVE-2018-5361.json | 130 ++++++------
2018/5xxx/CVE-2018-5854.json | 122 +++++------
62 files changed, 3926 insertions(+), 3926 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0167.json b/2001/0xxx/CVE-2001-0167.json
index a36ddd54e38..f52fa799227 100644
--- a/2001/0xxx/CVE-2001-0167.json
+++ b/2001/0xxx/CVE-2001-0167.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010129 [CORE SDI ADVISORY] WinVNC client buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98088315825366&w=2" - }, - { - "name" : "2305", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2305" - }, - { - "name" : "winvnc-client-bo(6025)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed 
packet with a long reason string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "winvnc-client-bo(6025)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6025" + }, + { + "name": "2305", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2305" + }, + { + "name": "20010129 [CORE SDI ADVISORY] WinVNC client buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98088315825366&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0650.json b/2001/0xxx/CVE-2001-0650.json index 5db3912ba1b..48b7d4ce364 100644 --- a/2001/0xxx/CVE-2001-0650.json +++ b/2001/0xxx/CVE-2001-0650.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010510 Cisco IOS BGP Attribute Corruption Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml" - }, - { - "name" : "VU#106392", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/106392" - }, - { - "name" : "L-082", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/l-082.shtml" - }, - { - "name" : "cisco-ios-bgp-dos(6566)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6566" - }, - { - "name" : "2733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2733" - }, - { - "name" : "1830", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1830" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1830", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1830" + }, + { + "name": "cisco-ios-bgp-dos(6566)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6566" + }, + { + "name": "20010510 Cisco IOS BGP Attribute Corruption Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml" + }, + { + "name": "VU#106392", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/106392" + }, + { + "name": "L-082", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/l-082.shtml" + }, + { + "name": "2733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2733" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0764.json b/2001/0xxx/CVE-2001-0764.json index c462938ad6b..dde04dfd82f 100644 --- a/2001/0xxx/CVE-2001-0764.json +++ b/2001/0xxx/CVE-2001-0764.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010609 suid scotty / ntping overflow", - "refsource" : "VULN-DEV", - "url" : "http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0579.html" - }, - { - "name" : "20010615 Re: suid scotty (ntping) overflow (fwd)", - "refsource" : "VULN-DEV", - "url" : "http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0627.html" - }, - { - "name" : "20010621 suid scotty (ntping) overflow (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/192664" - }, - { - "name" : "SuSE-SA:2001:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2001_023_scotty_txt.html" - }, - { - "name" : "scotty-ntping-bo(6735)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6735" - }, - { - "name" : "2911", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010615 Re: suid scotty (ntping) overflow (fwd)", + "refsource": "VULN-DEV", + "url": "http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0627.html" + }, + { + "name": "20010621 suid scotty (ntping) overflow (fwd)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/192664" + }, + { + "name": "scotty-ntping-bo(6735)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6735" + }, + { + "name": "SuSE-SA:2001:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2001_023_scotty_txt.html" + }, + { + "name": "20010609 suid scotty / ntping overflow", + "refsource": "VULN-DEV", + "url": "http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0579.html" + }, + { + "name": "2911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2911" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0827.json b/2001/0xxx/CVE-2001-0827.json index 6beb4af11a9..332feee5d42 100644 --- a/2001/0xxx/CVE-2001-0827.json +++ b/2001/0xxx/CVE-2001-0827.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of \"PASV\" requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010704 CesarFTPd, Cerberus FTPd", - "refsource" : "BUGTRAQ", - "url" : "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00070.html" - }, - { - "name" : "2976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of \"PASV\" requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010704 CesarFTPd, Cerberus FTPd", + "refsource": "BUGTRAQ", + "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00070.html" + }, + { + "name": "2976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2976" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0883.json b/2001/0xxx/CVE-2001-0883.json index 14b9b1cd542..7d879d2a53d 100644 --- a/2001/0xxx/CVE-2001-0883.json +++ b/2001/0xxx/CVE-2001-0883.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0883", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0883", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1216.json b/2001/1xxx/CVE-2001-1216.json index b9fbb95a848..bf1fb7360fc 100644 --- a/2001/1xxx/CVE-2001-1216.json +++ b/2001/1xxx/CVE-2001-1216.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011221 Buffer Overflow in Oracle 9iAS (#NISR20122001)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/246663" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/modplsql.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/modplsql.pdf" - }, - { - "name" : "VU#500203", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/500203" - }, - { - "name" : "oracle-appserver-modplsql-bo(7727)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7727.php" - }, - { - "name" : "3726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#500203", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/500203" + }, + { + "name": "oracle-appserver-modplsql-bo(7727)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7727.php" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/modplsql.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/modplsql.pdf" + }, + { + "name": "3726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3726" + }, + { + "name": "20011221 Buffer Overflow in Oracle 9iAS (#NISR20122001)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/246663" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2158.json b/2006/2xxx/CVE-2006-2158.json index f82721ac659..b83ba5c181a 100644 --- a/2006/2xxx/CVE-2006-2158.json +++ b/2006/2xxx/CVE-2006-2158.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://retrogod.altervista.org/gbs_17_xpl_pl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/gbs_17_xpl_pl.html" - }, - { - "name" : "http://www.stadtaus.com/forum/t-2600.html", - "refsource" : "MISC", - "url" : "http://www.stadtaus.com/forum/t-2600.html" - }, - { - "name" : "17845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17845" - }, - { - "name" : "ADV-2006-1660", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1660" - }, - { - "name" : "19957", - "refsource" : "SECUNIA", - "url" 
: "http://secunia.com/advisories/19957" - }, - { - "name" : "guestbook-includefiles-file-include(26252)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19957" + }, + { + "name": "17845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17845" + }, + { + "name": "guestbook-includefiles-file-include(26252)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26252" + }, + { + "name": "http://retrogod.altervista.org/gbs_17_xpl_pl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/gbs_17_xpl_pl.html" + }, + { + "name": "http://www.stadtaus.com/forum/t-2600.html", + "refsource": "MISC", + "url": "http://www.stadtaus.com/forum/t-2600.html" + }, + { + "name": "ADV-2006-1660", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1660" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2466.json b/2006/2xxx/CVE-2006-2466.json index d13efcc383d..5d3b405903d 100644 --- a/2006/2xxx/CVE-2006-2466.json +++ b/2006/2xxx/CVE-2006-2466.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a \"timing window\" when a compilation error occurs, aka the \"JSP showcode vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA06-130.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/192" - }, - { - "name" : "ADV-2006-1828", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1828" - }, - { - "name" : "1016100", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016100" - }, - { - "name" : "20130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20130" - }, - { - "name" : "weblogic-jsp-error-source-disclosure(26461)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a \"timing window\" when a compilation error occurs, aka the \"JSP showcode vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA06-130.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/192" + }, + { + "name": "weblogic-jsp-error-source-disclosure(26461)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26461" + }, + { + "name": "20130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20130" + }, + { + "name": "1016100", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016100" + }, + { + "name": "ADV-2006-1828", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1828" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2486.json b/2006/2xxx/CVE-2006-2486.json index f71234fbc98..038dc563e0c 100644 --- a/2006/2xxx/CVE-2006-2486.json +++ b/2006/2xxx/CVE-2006-2486.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060515 YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434039/100/0/threaded" - }, - { - "name" : "17988", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17988" - }, - { - "name" : "923", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/923" - }, - { - "name" : "yapbb-find-sql-injection(26456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier 
allows remote attackers to execute arbitrary SQL commands via the userID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "yapbb-find-sql-injection(26456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26456" + }, + { + "name": "20060515 YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434039/100/0/threaded" + }, + { + "name": "923", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/923" + }, + { + "name": "17988", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17988" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2527.json b/2006/2xxx/CVE-2006-2527.json index 314255b3bf4..44d90ece4d4 100644 --- a/2006/2xxx/CVE-2006-2527.json +++ b/2006/2xxx/CVE-2006-2527.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060520 phpBazar <= 2.1.0 Multiple vulnerabilites", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434558/100/0/threaded" - }, - { - "name" : "18053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18053" - }, - { - "name" : "ADV-2006-1890", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1890" - }, - { - "name" : "25701", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25701" - }, - { - "name" : "20198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20198" - }, - { - "name" : "phpbazar-admin-authentication-bypass(26617)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbazar-admin-authentication-bypass(26617)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26617" + }, + { + "name": "ADV-2006-1890", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1890" + }, + { + "name": "20198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20198" + }, + { + "name": "18053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18053" + }, + { + "name": "20060520 phpBazar <= 2.1.0 Multiple vulnerabilites", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434558/100/0/threaded" + }, + { + "name": "25701", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25701" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2595.json b/2006/2xxx/CVE-2006-2595.json index 505265d171a..2cef688506a 100644 --- a/2006/2xxx/CVE-2006-2595.json +++ b/2006/2xxx/CVE-2006-2595.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2595", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2583. Reason: This candidate is a duplicate of CVE-2006-2583. Notes: All CVE users should reference CVE-2006-2583 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-2595", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2583. Reason: This candidate is a duplicate of CVE-2006-2583. Notes: All CVE users should reference CVE-2006-2583 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2883.json b/2006/2xxx/CVE-2006-2883.json index ccb66242104..e98a34006ac 100644 --- a/2006/2xxx/CVE-2006-2883.json +++ b/2006/2xxx/CVE-2006-2883.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060605 Kmita FAQ v1.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435982/100/0/threaded" - }, - { - "name" : "18282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18282" - }, - { - "name" : "ADV-2006-2165", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2165" - }, - { - "name" : "1016226", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016226" - }, - { - "name" : "20471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20471" - }, - { - "name" : "1055", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1055" - }, - { - "name" : "kmitafaq-search-xss(26986)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20471" + }, + { + "name": "20060605 Kmita FAQ v1.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435982/100/0/threaded" + }, + { + "name": "ADV-2006-2165", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2165" + }, + { + "name": "1016226", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016226" + }, + { + "name": "kmitafaq-search-xss(26986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26986" + }, + { + "name": "1055", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1055" + }, + { + "name": "18282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18282" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2906.json b/2006/2xxx/CVE-2006-2906.json index 2d4f25dc245..ab3014bec68 100644 --- a/2006/2xxx/CVE-2006-2906.json +++ b/2006/2xxx/CVE-2006-2906.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060606 libgd 2.0.33 infinite loop in GIF decoding ?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436132" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-939", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-939" - }, - { - "name" : "DSA-1117", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1117" - }, - { - "name" : "MDKSA-2006:112", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:112" - }, - { - "name" : "MDKSA-2006:113", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:113" - }, - { - "name" : "MDKSA-2006:122", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" - }, - { - "name" : "SUSE-SA:2006:031", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_31_php.html" - }, - { - "name" : "2006-0038", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0038" - }, - { - "name" : "USN-298-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/298-1/" - }, - { - "name" : "18294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18294" - }, - { - "name" : "ADV-2006-2174", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2174" - }, - { - "name" : "20500", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20500" - }, - { - "name" : "20571", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20571" - }, - { - "name" : "20853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20853" - }, - { - "name" : "20866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20866" - }, - { - "name" : "20887", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20887" - }, - { - "name" : "21050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21050" - }, - { - "name" : "21186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21186" - }, - { - "name" : "23783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23783" - }, - { - "name" : "20676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20676" - }, - { - "name" : "1067", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1067" - }, - { - "name" : "gdgraphicslibrary-gif-dos(26976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26976" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gdgraphicslibrary-gif-dos(26976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26976" + }, + { + "name": "23783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23783" + }, + { + "name": "21186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21186" + }, + { + "name": "20887", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20887" + }, + { + "name": "USN-298-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/298-1/" + }, + { + "name": "21050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21050" + }, + { + "name": "SUSE-SA:2006:031", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_31_php.html" + }, + { + "name": "20060606 libgd 2.0.33 infinite loop in GIF decoding ?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436132" + }, + { + "name": "2006-0038", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0038" + }, + { + "name": "MDKSA-2006:113", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:113" + }, + { + "name": "1067", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1067" + }, + { + "name": "ADV-2006-2174", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/2174" + }, + { + "name": "20676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20676" + }, + { + "name": "https://issues.rpath.com/browse/RPL-939", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-939" + }, + { + "name": "DSA-1117", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1117" + }, + { + "name": "MDKSA-2006:122", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" + }, + { + "name": "20853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20853" + }, + { + "name": "MDKSA-2006:112", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:112" + }, + { + "name": "18294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18294" + }, + { + "name": "20866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20866" + }, + { + "name": "20500", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20500" + }, + { + "name": "20571", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20571" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6173.json b/2006/6xxx/CVE-2006-6173.json index 16e2163c12f..bf41cb7fa9e 100644 --- a/2006/6xxx/CVE-2006-6173.json +++ b/2006/6xxx/CVE-2006-6173.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.info-pull.com/mokb/MOKB-28-11-2006.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/mokb/MOKB-28-11-2006.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305214", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305214" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" - }, - { - "name" : "TA07-072A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" - }, - { - "name" 
: "21349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21349" - }, - { - "name" : "ADV-2006-4762", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4762" - }, - { - "name" : "ADV-2007-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0930" - }, - { - "name" : "1017306", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017306" - }, - { - "name" : "1017751", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017751" - }, - { - "name" : "23120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23120" - }, - { - "name" : "24479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24479" - }, - { - "name" : "macos-sharedregion-privilege-escalation(30569)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23120" + }, + { + "name": "http://projects.info-pull.com/mokb/MOKB-28-11-2006.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/mokb/MOKB-28-11-2006.html" + }, + { + "name": "macos-sharedregion-privilege-escalation(30569)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30569" + }, + { + "name": "TA07-072A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" + }, + { + "name": "21349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21349" + }, + { + "name": "1017306", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017306" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305214", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305214" + }, + { + "name": "1017751", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017751" + }, + { + "name": "ADV-2007-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0930" + }, + { + "name": "ADV-2006-4762", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4762" + }, + { + "name": "24479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24479" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6943.json b/2006/6xxx/CVE-2006-6943.json index e4c6e7b7f94..27e947bd99f 100644 --- a/2006/6xxx/CVE-2006-6943.json +++ b/2006/6xxx/CVE-2006-6943.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061116 PhpMyAdmin all version [multiples vulnerability]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116370414309444&w=2" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-8", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-8" - }, - { - "name" : "21137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21137" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-8", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-8" + }, + { + "name": "20061116 PhpMyAdmin all version [multiples vulnerability]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116370414309444&w=2" + }, + { + "name": "21137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21137" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2086.json b/2011/2xxx/CVE-2011-2086.json index e0d615a4625..dcc32f3aeb2 100644 --- a/2011/2xxx/CVE-2011-2086.json +++ b/2011/2xxx/CVE-2011-2086.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2086", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2086", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2239.json b/2011/2xxx/CVE-2011-2239.json index bade447c35e..893a446f69c 100644 --- a/2011/2xxx/CVE-2011-2239.json +++ b/2011/2xxx/CVE-2011-2239.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability, related to XMLSEQ_IMP_T." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users 
to affect confidentiality, integrity, and availability, related to XMLSEQ_IMP_T." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2322.json b/2011/2xxx/CVE-2011-2322.json index 656ed74605f..e34d23433cf 100644 --- a/2011/2xxx/CVE-2011-2322.json +++ b/2011/2xxx/CVE-2011-2322.json 
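Review bot: The new `"ASSIGNER": "secalert_us@oracle.com"` line attributes this record to Oracle, but the `affects` block on the new side still carries `"vendor_name": "n/a"` and `"product_name": "n/a"`, so the structured fields name no vendor or product. Tooling that matches on `affects` rather than on the free-text description will not associate this entry with Oracle Database Server, which the description names. I would populate those fields from the description, e.g. `"product_name": "Oracle Database Server"`, with the vendor string taken from the CNA's own records. The same applies to the CVE-2011-2322 hunk that follows. The assigner is also the only value that changes in this hunk; every other line is a `" : "` to `": "` re-serialization or a reordering of `reference_data`, so the change is easy to miss in review.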
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect integrity and availability, related to SYSDBA." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect integrity and availability, related to SYSDBA." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2368.json b/2011/2xxx/CVE-2011-2368.json index 2f18e0a5eda..0ba43ea75db 100644 --- a/2011/2xxx/CVE-2011-2368.json +++ b/2011/2xxx/CVE-2011-2368.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-26.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=657201", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=657201" - }, - { - "name" : "SUSE-SA:2011:028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" - }, - { - "name" : "oval:org.mitre.oval:def:13912", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13912" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-26.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-26.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=657201", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=657201" + }, + { + "name": "oval:org.mitre.oval:def:13912", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13912" + }, + { + "name": "SUSE-SA:2011:028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2707.json b/2011/2xxx/CVE-2011-2707.json index ce22bf5d7cd..bc51a49351c 100644 --- a/2011/2xxx/CVE-2011-2707.json +++ b/2011/2xxx/CVE-2011-2707.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110720 Re: CVE request: kernel: arbitrary kernel read in xtensa", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/20/18" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d0138ebe24b94065580bd2601f8bb7eb6152f56", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d0138ebe24b94065580bd2601f8bb7eb6152f56" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" - }, - { - 
"name" : "https://github.com/torvalds/linux/commit/0d0138ebe24b94065580bd2601f8bb7eb6152f56", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/0d0138ebe24b94065580bd2601f8bb7eb6152f56" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d0138ebe24b94065580bd2601f8bb7eb6152f56", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d0138ebe24b94065580bd2601f8bb7eb6152f56" + }, + { + "name": "[oss-security] 20110720 Re: CVE request: kernel: arbitrary kernel read in xtensa", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/20/18" + }, + { + "name": "https://github.com/torvalds/linux/commit/0d0138ebe24b94065580bd2601f8bb7eb6152f56", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/0d0138ebe24b94065580bd2601f8bb7eb6152f56" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3007.json b/2011/3xxx/CVE-2011-3007.json index 148129824ce..f564c64646b 100644 --- a/2011/3xxx/CVE-2011-3007.json +++ b/2011/3xxx/CVE-2011-3007.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-11-13", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-11-13" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10016", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10016" - }, - { - "name" : "74513", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74513" - }, - { - "name" : "mcafee-saas-mycioscn-code-execution(69093)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69093" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10016", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10016" + }, + { + "name": "mcafee-saas-mycioscn-code-execution(69093)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69093" + }, + { + "name": "74513", + "refsource": "OSVDB", + "url": "http://osvdb.org/74513" + }, + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-13", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-13" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3305.json b/2011/3xxx/CVE-2011-3305.json index 24673e45941..818ac8b2bbd 100644 --- a/2011/3xxx/CVE-2011-3305.json +++ b/2011/3xxx/CVE-2011-3305.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-3305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111005 Directory Traversal Vulnerability in Cisco Network Admission Control Manager", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml" - }, - { - "name" : "49954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49954" - }, - { - "name" : "76080", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76080" - }, - { - "name" : "1026142", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026142" - }, - { - "name" : "46309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46309" - }, - { - "name" : "cisco-nac-directory-traversal(70335)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/70335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111005 Directory Traversal Vulnerability in Cisco Network Admission Control Manager", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml" + }, + { + "name": "1026142", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026142" + }, + { + "name": "46309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46309" + }, + { + "name": "49954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49954" + }, + { + "name": "76080", + "refsource": "OSVDB", + "url": "http://osvdb.org/76080" + }, + { + "name": "cisco-nac-directory-traversal(70335)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70335" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3383.json b/2011/3xxx/CVE-2011-3383.json index 1523e7da620..1784b824778 100644 --- a/2011/3xxx/CVE-2011-3383.json +++ b/2011/3xxx/CVE-2011-3383.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to \"the web page to be output.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-3383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#36684331", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN36684331/index.html" - }, - { - "name" : "JVNDB-2011-000080", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to \"the web page to be output.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + 
"references": { + "reference_data": [ + { + "name": "JVN#36684331", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN36684331/index.html" + }, + { + "name": "JVNDB-2011-000080", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000080" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3525.json b/2011/3xxx/CVE-2011-3525.json index 45102f4e7dc..1e596ab1e09 100644 --- a/2011/3xxx/CVE-2011-3525.json +++ b/2011/3xxx/CVE-2011-3525.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50197" - }, - { - "name" : "76516", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76516" - }, - { - "name" : "odbs-appex-apex-unspecified(70799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "50197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50197" + }, + { + "name": "odbs-appex-apex-unspecified(70799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70799" + }, + { + "name": "76516", + "refsource": "OSVDB", + "url": "http://osvdb.org/76516" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3916.json b/2011/3xxx/CVE-2011-3916.json index 7adec045056..3fedde1c3d8 100644 --- a/2011/3xxx/CVE-2011-3916.json +++ b/2011/3xxx/CVE-2011-3916.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=104959", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=104959" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14315", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google 
Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=104959", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=104959" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:14315", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14315" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4262.json b/2011/4xxx/CVE-2011-4262.json index 109b551302a..2a1451f607a 100644 --- a/2011/4xxx/CVE-2011-4262.json +++ b/2011/4xxx/CVE-2011-4262.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/11182011_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/11182011_player/en/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.real.com/realplayer/security/11182011_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/11182011_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4302.json b/2011/4xxx/CVE-2011-4302.json index 4c774b7f30f..b223387b18f 100644 --- a/2011/4xxx/CVE-2011-4302.json +++ b/2011/4xxx/CVE-2011-4302.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=54941685e3e86ec085641dcb7ebb1f96f06735b2", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=54941685e3e86ec085641dcb7ebb1f96f06735b2" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=188314", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=188314" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moodle.org/mod/forum/discuss.php?d=188314", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=188314" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=54941685e3e86ec085641dcb7ebb1f96f06735b2", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=54941685e3e86ec085641dcb7ebb1f96f06735b2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=747444", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4572.json b/2011/4xxx/CVE-2011-4572.json index 0b1adecda98..0c10364e978 100644 --- a/2011/4xxx/CVE-2011-4572.json +++ b/2011/4xxx/CVE-2011-4572.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was originally reported as a file disclosure vulnerability, but this is likely inaccurate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17927", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17927" - }, - { - "name" : "http://packetstormsecurity.org/files/view/105524/cfimagehosting1382-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/105524/cfimagehosting1382-disclose.txt" - }, - { - "name" : "76059", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76059" - }, - { - "name" : "46290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46290" - }, - { - "name" : "cfimagehostingscript-tesmodrewrite-xss(70347)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was originally reported as a file disclosure vulnerability, but this is likely inaccurate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17927", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17927" + }, + { + "name": "http://packetstormsecurity.org/files/view/105524/cfimagehosting1382-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/105524/cfimagehosting1382-disclose.txt" + }, + { + "name": "46290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46290" + }, + { + "name": "cfimagehostingscript-tesmodrewrite-xss(70347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70347" + }, + { + "name": "76059", + "refsource": "OSVDB", + "url": "http://osvdb.org/76059" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4866.json b/2011/4xxx/CVE-2011-4866.json index 309da02adfc..7f9f8616b1d 100644 --- a/2011/4xxx/CVE-2011-4866.json +++ b/2011/4xxx/CVE-2011-4866.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext password via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4866-vulnerability-in-Kaixin001.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4866-vulnerability-in-Kaixin001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext password via a crafted application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4866-vulnerability-in-Kaixin001.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4866-vulnerability-in-Kaixin001.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4992.json b/2011/4xxx/CVE-2011-4992.json index adfabe8c2c0..72ceccb4cfc 100644 --- a/2011/4xxx/CVE-2011-4992.json +++ b/2011/4xxx/CVE-2011-4992.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4992", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4992", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0214.json b/2013/0xxx/CVE-2013-0214.json index d6bdcb5b380..35ba6ec4033 100644 --- a/2013/0xxx/CVE-2013-0214.json +++ b/2013/0xxx/CVE-2013-0214.json 
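Review bot: The rewritten REJECT record for CVE-2011-4992 is serialized with a different key order from the other records in this commit: it opens with `"data_type"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"`, while the PUBLIC and RESERVED records keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"`. The CVE-2013-5061 and CVE-2013-5068 hunks show the same ordering. Key order carries no meaning in JSON, but the difference suggests these records went through a different writer, and anything that hashes or diffs the raw files will see unrelated churn. Emitting sorted keys everywhere (`"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`) would keep later syncs reviewable. The new side also drops the final newline after the closing `}` in every file shown here.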
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.samba.org/samba/security/CVE-2013-0214", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2013-0214" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" - }, - { - "name" : "DSA-2617", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2617" - }, - { - "name" : "RHSA-2013:1310", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2013-1310.html" - }, - { - "name" : "RHSA-2013:1542", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1542.html" - }, - { - "name" : "RHSA-2014:0305", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0305.html" - }, - { - "name" : "SUSE-SU-2013:0326", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html" - }, - { - "name" : "openSUSE-SU-2013:0277", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00029.html" - }, - { - "name" : "openSUSE-SU-2013:0281", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00033.html" - }, - { - "name" : "SUSE-SU-2013:0519", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00042.html" - }, - { - "name" : "USN-2922-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2922-1" - }, - { - "name" : "57631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57631" - }, - { - "name" : "89627", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0326", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html" + }, + { + "name": "89627", + "refsource": "OSVDB", + "url": "http://osvdb.org/89627" + }, + { + "name": "openSUSE-SU-2013:0281", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00033.html" + }, + { + "name": "57631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57631" + }, + { + "name": "openSUSE-SU-2013:0277", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00029.html" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2013-0214", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2013-0214" + }, + { + "name": "SUSE-SU-2013:0519", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00042.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" + }, + { + "name": "RHSA-2014:0305", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0305.html" + }, + { + "name": "USN-2922-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2922-1" + }, + { + "name": "DSA-2617", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2617" + }, + { + "name": "RHSA-2013:1310", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1310.html" + }, + { + "name": "RHSA-2013:1542", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1542.html" + } + ] + } +} \ No newline at end of file 
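Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, and it is the only change of content among 122 lines of spacing and reference reordering, with nothing in the commit subject to explain it. The CVE-2013-0840, CVE-2013-1122, CVE-2013-1950, CVE-2013-5353 and CVE-2014-2032 hunks change the assigner in the same way (to `security@google.com`, `psirt@cisco.com`, `secalert@redhat.com`, `PSIRT-CNA@flexerasoftware.com` and `secalert@redhat.com`). Consumers that attribute or filter records by assigning CNA will see these entries move to a different source, so the reattribution deserves its own commit, or at least a line in the message, separate from the reformatting. The `reference_data` entries are also reordered with no entry added or removed, which hides the real change further; a stable sort on `refsource` and `name` would avoid that.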
diff --git a/2013/0xxx/CVE-2013-0827.json b/2013/0xxx/CVE-2013-0827.json index fae6094da07..0325fdb677f 100644 --- a/2013/0xxx/CVE-2013-0827.json +++ b/2013/0xxx/CVE-2013-0827.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0827", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0827", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0840.json b/2013/0xxx/CVE-2013-0840.json index 821c03dde27..753ca59751a 100644 --- a/2013/0xxx/CVE-2013-0840.json +++ b/2013/0xxx/CVE-2013-0840.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update_22.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update_22.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=170532", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=170532" - }, - { - "name" : "oval:org.mitre.oval:def:16335", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 24.0.1312.56 does 
not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16335", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16335" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update_22.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update_22.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=170532", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=170532" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1122.json b/2013/1xxx/CVE-2013-1122.json index cae3cc56275..22cd94fc678 100644 --- a/2013/1xxx/CVE-2013-1122.json +++ b/2013/1xxx/CVE-2013-1122.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130206 Cisco Nexus 7000 M1-Series Modules Crafted Packet Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130206 Cisco Nexus 7000 M1-Series Modules Crafted Packet Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1122" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1754.json b/2013/1xxx/CVE-2013-1754.json index a900b3dd9d1..a4480cd2b86 100644 --- a/2013/1xxx/CVE-2013-1754.json +++ b/2013/1xxx/CVE-2013-1754.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1754", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1754", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1950.json b/2013/1xxx/CVE-2013-1950.json index bd557c0d6fd..2ad57efffdf 100644 --- a/2013/1xxx/CVE-2013-1950.json +++ b/2013/1xxx/CVE-2013-1950.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.infradead.org/users/steved/libtirpc.git/commitdiff/a9f437119d79a438cb12e510f3cadd4060102c9f", - "refsource" : "CONFIRM", - "url" : "http://git.infradead.org/users/steved/libtirpc.git/commitdiff/a9f437119d79a438cb12e510f3cadd4060102c9f" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=948378", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=948378" - }, - { - "name" : "RHSA-2013:0884", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0884.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=948378", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948378" + }, + { + "name": "http://git.infradead.org/users/steved/libtirpc.git/commitdiff/a9f437119d79a438cb12e510f3cadd4060102c9f", + "refsource": "CONFIRM", + "url": "http://git.infradead.org/users/steved/libtirpc.git/commitdiff/a9f437119d79a438cb12e510f3cadd4060102c9f" + }, + { + "name": "RHSA-2013:0884", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0884.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5061.json b/2013/5xxx/CVE-2013-5061.json index 78182b64403..70271c2616d 100644 --- a/2013/5xxx/CVE-2013-5061.json +++ b/2013/5xxx/CVE-2013-5061.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5061", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5061", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5068.json b/2013/5xxx/CVE-2013-5068.json index 59d6190fe29..67181b7ea0a 100644 --- a/2013/5xxx/CVE-2013-5068.json +++ b/2013/5xxx/CVE-2013-5068.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5068", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5068", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5110.json b/2013/5xxx/CVE-2013-5110.json index bd31643aefb..3224e2afd1e 100644 --- a/2013/5xxx/CVE-2013-5110.json +++ b/2013/5xxx/CVE-2013-5110.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5110", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5110", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5353.json b/2013/5xxx/CVE-2013-5353.json index 5574e820533..338a83c12ca 100644 --- a/2013/5xxx/CVE-2013-5353.json +++ b/2013/5xxx/CVE-2013-5353.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-5353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2013-9/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2013-9/" - }, - { - "name" : "64102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64102" - }, - { - "name" : "100604", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100604" - }, - { - "name" : "53936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53936" - }, - { - "name" : "sharetronix-cve20135353-file-upload(89502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89502" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sharetronix-cve20135353-file-upload(89502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89502" + }, + { + "name": "64102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64102" + }, + { + "name": "http://secunia.com/secunia_research/2013-9/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2013-9/" + }, + { + "name": "53936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53936" + }, + { + "name": "100604", + "refsource": "OSVDB", + "url": "http://osvdb.org/100604" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2032.json b/2014/2xxx/CVE-2014-2032.json index 48dd7046cd6..dc5447d90d9 100644 --- a/2014/2xxx/CVE-2014-2032.json +++ b/2014/2xxx/CVE-2014-2032.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-2032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140219 Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/19/15" - }, - { - "name" : "http://samiam.org/blog/2014-02-12.html", - "refsource" : "CONFIRM", - "url" : "http://samiam.org/blog/2014-02-12.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066609", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066609" - }, - { - "name" : "65595", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65595" - }, - { - "name" 
: "1029771", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029771" - }, - { - "name" : "maradns-cve20142032-dos(91204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65595" + }, + { + "name": "[oss-security] 20140219 Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/19/15" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066609", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066609" + }, + { + "name": "1029771", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029771" + }, + { + "name": "http://samiam.org/blog/2014-02-12.html", + "refsource": "CONFIRM", + "url": "http://samiam.org/blog/2014-02-12.html" + }, + { + "name": "maradns-cve20142032-dos(91204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91204" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2221.json b/2014/2xxx/CVE-2014-2221.json index 2bdf7899705..bf52dcd04ed 100644 --- a/2014/2xxx/CVE-2014-2221.json +++ b/2014/2xxx/CVE-2014-2221.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2221", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2221", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2853.json b/2014/2xxx/CVE-2014-2853.json index 663127b5efc..d24ec428835 100644 --- a/2014/2xxx/CVE-2014-2853.json +++ b/2014/2xxx/CVE-2014-2853.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20140424 MediaWiki Security and Maintenance Releases: 1.22.6 and 1.21.9", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091967", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091967" - }, - { - "name" : "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6", - "refsource" : "MISC", - "url" : "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251" - }, - { - "name" : "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8", - "refsource" : "CONFIRM", - "url" : "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8" - }, - { - "name" : "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5", - "refsource" : "CONFIRM", - "url" : "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5" - }, - { - "name" : "67068", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67068" - }, - { - "name" : "1030161", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030161" - }, - { - "name" : "58262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67068" + }, + { + "name": "1030161", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030161" + }, + { + "name": "58262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58262" + }, + { + "name": "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6", + "refsource": "MISC", + "url": "https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6" + }, + { + "name": "[MediaWiki-announce] 20140424 MediaWiki Security and Maintenance Releases: 1.22.6 and 1.21.9", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html" + }, + { + "name": "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5", + "refsource": "CONFIRM", + "url": "https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=63251" + }, + { + "name": "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8", + "refsource": "CONFIRM", + "url": "https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1091967", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091967" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0462.json b/2017/0xxx/CVE-2017-0462.json index a2ebcdbc5e0..782b19ce1d0 100644 --- a/2017/0xxx/CVE-2017-0462.json +++ b/2017/0xxx/CVE-2017-0462.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0860.json b/2017/0xxx/CVE-2017-0860.json index 1e3f93b4ee5..1d2ef91cf81 100644 --- a/2017/0xxx/CVE-2017-0860.json +++ b/2017/0xxx/CVE-2017-0860.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0896.json b/2017/0xxx/CVE-2017-0896.json index 4652634a5ec..ba962c194d4 100644 --- a/2017/0xxx/CVE-2017-0896.json +++ b/2017/0xxx/CVE-2017-0896.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Zulip Server", - "version" : { - "version_data" : [ - { - "version_value" : "1.5.1 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Zulip" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authorization (CWE-285)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zulip Server", + "version": { + "version_data": [ + { + "version_value": "1.5.1 and below" + } + ] + } + } + ] + }, + "vendor_name": "Zulip" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[zulip-announce] 20170601 Zulip Server 1.5.2 released", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/#!msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJ" - }, - { - "name" : "https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b", - "refsource" : "MISC", - "url" : "https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b" - }, - { - "name" : "https://hackerone.com/reports/224210", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/224210" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[zulip-announce] 20170601 Zulip Server 1.5.2 released", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/#!msg/zulip-announce/sUYeJv-fFmg/2TU2TLmNAwAJ" + }, + { + "name": "https://hackerone.com/reports/224210", + "refsource": "MISC", + "url": "https://hackerone.com/reports/224210" + }, + { + "name": "https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b", + "refsource": "MISC", + "url": "https://github.com/zulip/zulip/commit/1f48fa27672170bba3b9a97384905bb04c18761b" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0904.json b/2017/0xxx/CVE-2017-0904.json index 5538876593f..29e0df94c27 100644 --- a/2017/0xxx/CVE-2017-0904.json +++ b/2017/0xxx/CVE-2017-0904.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2017-11-05T00:00:00", - "ID" : "CVE-2017-0904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "private_address_check ruby gem", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 0.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "jtdowney" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Inherently Dangerous Function (CWE-242)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2017-11-05T00:00:00", + "ID": "CVE-2017-0904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "private_address_check ruby gem", + "version": { + "version_data": [ + { + "version_value": "Versions before 0.4.0" + } + ] + } + } + ] + }, + "vendor_name": "jtdowney" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://edoverflow.com/2017/ruby-resolv-bug/", - "refsource" : "MISC", - "url" : "https://edoverflow.com/2017/ruby-resolv-bug/" - }, - { - "name" : "https://hackerone.com/reports/287245", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/287245" - }, - { - "name" : "https://hackerone.com/reports/287835", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/287835" 
- }, - { - "name" : "https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af", - "refsource" : "CONFIRM", - "url" : "https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af" - }, - { - "name" : "https://github.com/jtdowney/private_address_check/issues/1", - "refsource" : "CONFIRM", - "url" : "https://github.com/jtdowney/private_address_check/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Inherently Dangerous Function (CWE-242)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/287245", + "refsource": "MISC", + "url": "https://hackerone.com/reports/287245" + }, + { + "name": "https://edoverflow.com/2017/ruby-resolv-bug/", + "refsource": "MISC", + "url": "https://edoverflow.com/2017/ruby-resolv-bug/" + }, + { + "name": "https://github.com/jtdowney/private_address_check/issues/1", + "refsource": "CONFIRM", + "url": "https://github.com/jtdowney/private_address_check/issues/1" + }, + { + "name": "https://hackerone.com/reports/287835", + "refsource": "MISC", + "url": "https://hackerone.com/reports/287835" + }, + { + "name": "https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af", + "refsource": "CONFIRM", + "url": "https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af" + } + ] + } +} \ No newline at end of 
file diff --git a/2017/1000xxx/CVE-2017-1000200.json b/2017/1000xxx/CVE-2017-1000200.json index 00e78065a84..3d126345048 100644 --- a/2017/1000xxx/CVE-2017-1000200.json +++ b/2017/1000xxx/CVE-2017-1000200.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.426872", - "ID" : "CVE-2017-1000200", - "REQUESTER" : "mgerstner@suse.de", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "tcmu-runner", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.5 to 1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "https://github.com/open-iscsi/tcmu-runner" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.426872", + "ID": "CVE-2017-1000200", + "REQUESTER": "mgerstner@suse.de", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/bb80e9c7a798f035768260ebdadffb6eb0786178", - "refsource" : "MISC", - "url" : "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/bb80e9c7a798f035768260ebdadffb6eb0786178" - }, - { - "name" : "RHSA-2017:3277", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3277", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3277" + }, + { + "name": "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/bb80e9c7a798f035768260ebdadffb6eb0786178", + "refsource": "MISC", + "url": "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/bb80e9c7a798f035768260ebdadffb6eb0786178" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000399.json b/2017/1000xxx/CVE-2017-1000399.json index 9e4b87cfe3f..819b1761577 100644 --- a/2017/1000xxx/CVE-2017-1000399.json +++ b/2017/1000xxx/CVE-2017-1000399.json 
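Review bot: Structured affected-product data is lost on the new side of the CVE-2017-1000200 record: `product_name`, `vendor_name`, `version_value` and the `problemtype` value all become `n/a`, so the product and version range survive only in the free-text description. The CVE-2017-1000399 hunk that follows does the same to the Jenkins values. Tooling that matches an inventory against these fields rather than parsing the prose would no longer flag tcmu-runner or Jenkins from these records. Unless the sync is meant to normalise these fields (not visible here), keep `"product_name": "tcmu-runner"`, `"version_value": "1.0.5 to 1.2.0"` and `"value": "Denial of Service"` on the new side, and likewise the Jenkins values in the later hunk. Both hunks also rewrite `ASSIGNER` to `cve@mitre.org`, which drops the original assigning address from the record.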
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-11-17", - "ID" : "CVE-2017-1000399", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "2.73.1 and earlier, 2.83 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API endpoint is now only available for tasks that the current user has access to." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-11-17", + "ID": "CVE-2017-1000399", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-10-11/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-10-11/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API endpoint is now only available for tasks that the current user has access to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-10-11/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-10-11/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12097.json b/2017/12xxx/CVE-2017-12097.json index 319eb2d5115..2ced0e592ff 100644 --- a/2017/12xxx/CVE-2017-12097.json +++ b/2017/12xxx/CVE-2017-12097.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-01-10T00:00:00", - "ID" : "CVE-2017-12097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "delayed_job_web rails gem", - "version" : { - "version_data" : [ - { - "version_value" : "delayed\\_job\\_web 1.4" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-01-10T00:00:00", + "ID": "CVE-2017-12097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "delayed_job_web rails gem", + "version": { + "version_data": [ + { + "version_value": "delayed\\_job\\_web 1.4" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0449", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0449" - }, - { - "name" : "102484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0449", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0449" + }, + { + "name": "102484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102484" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12126.json b/2017/12xxx/CVE-2017-12126.json index e94996eaf61..26193fdf200 100644 --- a/2017/12xxx/CVE-2017-12126.json +++ b/2017/12xxx/CVE-2017-12126.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-13T00:00:00", - "ID" : "CVE-2017-12126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa EDR-810 V4.1 build 17030317" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-13T00:00:00", + "ID": "CVE-2017-12126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa", + "version": { + "version_data": [ + { + "version_value": "Moxa EDR-810 V4.1 build 17030317" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0478", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 
build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0478", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0478" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16177.json b/2017/16xxx/CVE-2017-16177.json index 32b1efe5c94..17d1ba1b72f 100644 --- a/2017/16xxx/CVE-2017-16177.json +++ b/2017/16xxx/CVE-2017-16177.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "chatbyvista node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "chatbyvista node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/chatbyvista", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/chatbyvista" - }, - { - "name" : "https://nodesecurity.io/advisories/462", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "chatbyvista is a file server. 
chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/chatbyvista", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/chatbyvista" + }, + { + "name": "https://nodesecurity.io/advisories/462", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/462" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16188.json b/2017/16xxx/CVE-2017-16188.json index 71e21666a49..badad8690c3 100644 --- a/2017/16xxx/CVE-2017-16188.json +++ b/2017/16xxx/CVE-2017-16188.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "reecerver node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "reecerver node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/reecerver", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/reecerver" - }, - { - "name" : "https://nodesecurity.io/advisories/443", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "reecerver is a web server. 
reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/443", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/443" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/reecerver", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/reecerver" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16298.json b/2017/16xxx/CVE-2017-16298.json index ac64b24053a..15014320d45 100644 --- a/2017/16xxx/CVE-2017-16298.json +++ b/2017/16xxx/CVE-2017-16298.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16298", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16298", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/4xxx/CVE-2017-4093.json b/2017/4xxx/CVE-2017-4093.json index 5956bef2f8a..2fc14d96afa 100644 --- a/2017/4xxx/CVE-2017-4093.json +++ b/2017/4xxx/CVE-2017-4093.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4093", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4093", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4488.json b/2017/4xxx/CVE-2017-4488.json index 1bbaafae357..1b5284e9535 100644 --- a/2017/4xxx/CVE-2017-4488.json +++ b/2017/4xxx/CVE-2017-4488.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4488", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4488", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4496.json b/2017/4xxx/CVE-2017-4496.json index b85b1cb3673..3114869c15d 100644 --- a/2017/4xxx/CVE-2017-4496.json +++ b/2017/4xxx/CVE-2017-4496.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4496", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4496", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4941.json b/2017/4xxx/CVE-2017-4941.json index 5e0df516588..b1e519a3bac 100644 --- a/2017/4xxx/CVE-2017-4941.json +++ b/2017/4xxx/CVE-2017-4941.json 
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2017-12-19T00:00:00", - "ID" : "CVE-2017-4941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ESXi", - "version" : { - "version_data" : [ - { - "version_value" : "6.0 before ESXi600-201711101-SG" - }, - { - "version_value" : "5.5 ESXi550-201709101-SG" - } - ] - } - }, - { - "product_name" : "Workstation", - "version" : { - "version_data" : [ - { - "version_value" : "12.x before 12.5.8" - } - ] - } - }, - { - "product_name" : "Fusion", - "version" : { - "version_data" : [ - { - "version_value" : "8.x before 8.5.9" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack overflow via authenticated VNC session" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2017-12-19T00:00:00", + "ID": "CVE-2017-4941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ESXi", + "version": { + "version_data": [ + { + "version_value": "6.0 before ESXi600-201711101-SG" + }, + { + "version_value": "5.5 ESXi550-201709101-SG" + } + ] + } + }, + { + "product_name": "Workstation", + "version": { + "version_data": [ + { + "version_value": "12.x before 12.5.8" + } + ] + } + }, + { + "product_name": "Fusion", + "version": { + "version_data": [ + { + "version_value": "8.x before 8.5.9" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2017-0021.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2017-0021.html" - }, - { - "name" : "1040024", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040024" - }, - { - "name" : "1040025", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. 
Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack overflow via authenticated VNC session" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html" + }, + { + "name": "1040025", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040025" + }, + { + "name": "1040024", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040024" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4974.json b/2017/4xxx/CVE-2017-4974.json index 6e65754e87a..1abb65aefda 100644 --- a/2017/4xxx/CVE-2017-4974.json +++ b/2017/4xxx/CVE-2017-4974.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Foundry UAA", - "version" : { - "version_data" : [ - { - "version_value" : "Cloud Foundry UAA" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. An authorized user can use a blind SQL injection attack to query the contents of the UAA database, aka \"Blind SQL Injection with privileged UAA endpoints.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Blind SQL Injection with privileged UAA endpoints" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Foundry UAA", + "version": { + "version_data": [ + { + "version_value": "Cloud Foundry UAA" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/cve-2017-4974/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/cve-2017-4974/" - }, - { - "name" : "99254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99254" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. An authorized user can use a blind SQL injection attack to query the contents of the UAA database, aka \"Blind SQL Injection with privileged UAA endpoints.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Blind SQL Injection with privileged UAA endpoints" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/cve-2017-4974/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/cve-2017-4974/" + }, + { + "name": "99254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99254" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5306.json b/2018/5xxx/CVE-2018-5306.json index c0ac83f97dc..2c263eaed43 100644 --- a/2018/5xxx/CVE-2018-5306.json +++ b/2018/5xxx/CVE-2018-5306.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the \"File Upload\" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180208 SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Feb/23" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html" - }, - { - "name" : "https://support.sonatype.com/hc/en-us/articles/360000134968", - "refsource" : "CONFIRM", - "url" : "https://support.sonatype.com/hc/en-us/articles/360000134968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the \"File Upload\" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180208 SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Feb/23" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html" + }, + { + "name": "https://support.sonatype.com/hc/en-us/articles/360000134968", + "refsource": "CONFIRM", + "url": "https://support.sonatype.com/hc/en-us/articles/360000134968" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5361.json b/2018/5xxx/CVE-2018-5361.json index bb9dcc6676b..506fa57a46b 100644 --- a/2018/5xxx/CVE-2018-5361.json +++ b/2018/5xxx/CVE-2018-5361.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9003", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/9003", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9003" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5854.json b/2018/5xxx/CVE-2018-5854.json index 9a6efde8090..b5ee51b0b43 100644 --- a/2018/5xxx/CVE-2018-5854.json +++ b/2018/5xxx/CVE-2018-5854.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-06-04T00:00:00", - "ID" : "CVE-2018-5854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack-based Buffer Overflow in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-06-04T00:00:00", + "ID": "CVE-2018-5854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin" + } + ] + } +} \ No newline at end of file